netlink_linearize: skip NFTNL_EXPR_DYNSET_TIMEOUT attribute if timeout is unset

Otherwise kernel bails out with EINVAL in case that the sets got no
timeout flag.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 01a85d07beabd9c194229e92dd3cbb6aa428e265..f4db685e17ca99b8448364330e407a649393ad61 100644 (file)
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1027,8 +1027,9 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
 
        nle = alloc_nft_expr("dynset");
        netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key);
-       nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
-                          stmt->set.key->timeout);
+       if (stmt->set.key->timeout > 0)
+               nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
+                                  stmt->set.key->timeout);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_OP, stmt->set.op);
        nftnl_expr_set_str(nle, NFTNL_EXPR_DYNSET_SET_NAME, set->handle.set);
        nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id);