]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0f60b46)
segtree: add timeout for range and prefix expressions in sets
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 16 May 2018 21:03:51 +0000 (23:03 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 24 May 2018 07:42:30 +0000 (09:42 +0200)
# nft add table x
 # nft add set x y { type ipv4_addr\; flags timeout,interval\; }
 # nft add element x y { 7.4.4.5-8.8.8.8 comment "good guy" timeout 30s}
 # nft list ruleset
 table ip x {
       set y {
                type ipv4_addr
                flags interval,timeout
                elements = { 7.4.4.5-8.8.8.8 timeout 30s expires 27s956ms comment "good guy" }
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/segtree.c patch | blob | blame | history

diff --git a/src/segtree.c b/src/segtree.c
index 7a443632ece5ea939eeb51f78c989c5a6c6e0265..28d45c920c3cbe366d5e77a4e469e53aef5c2fc8 100644 (file)
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -542,6 +542,8 @@ static void set_insert_interval(struct expr *set, struct seg_tree *tree,
        if (ei->expr != NULL) {
                if (ei->expr->comment)
                        expr->comment = xstrdup(ei->expr->comment);
+               if (ei->expr->timeout)
+                       expr->timeout = ei->expr->timeout;
                if (ei->expr->ops->type == EXPR_MAPPING)
                        expr = mapping_expr_alloc(&ei->expr->location, expr,
                                                  expr_get(ei->expr->right));
@@ -831,6 +833,10 @@ void interval_map_decompose(struct expr *set)
                        tmp = set_elem_expr_alloc(&low->location, tmp);
                        if (low->comment)
                                tmp->comment = xstrdup(low->comment);
+                       if (low->timeout)
+                               tmp->timeout = low->timeout;
+                       if (low->expiration)
+                               tmp->expiration = low->expiration;
 
                        if (low->ops->type == EXPR_MAPPING)
                                tmp = mapping_expr_alloc(&tmp->location, tmp, low->right);
@@ -848,6 +854,10 @@ void interval_map_decompose(struct expr *set)
                        prefix = set_elem_expr_alloc(&low->location, prefix);
                        if (low->comment)
                                prefix->comment = xstrdup(low->comment);
+                       if (low->timeout)
+                               prefix->timeout = low->timeout;
+                       if (low->expiration)
+                               prefix->expiration = low->expiration;
 
                        if (low->ops->type == EXPR_MAPPING)
                                prefix = mapping_expr_alloc(&low->location, prefix,
Mirror of git://git.netfilter.org/nftables