src: enable set expiration date for set elements

Currently, the expiration of every element in a set or map
is a read-only parameter generated at kernel side.

This change will permit to set a certain expiration date
per element that will be required, for example, during
stateful replication among several nodes.

This patch allows to propagate NFTA_SET_ELEM_EXPIRATION
from userspace to the kernel in order to set the
configured value.

Signed-off-by: Laura Garcia Liebana <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/set_elem.c b/src/set_elem.c
index ff983a67d62a7bd04f268b7beb1e9a21de93d4a1..47965249691dd828efe30f4108d5d2b9fe8c1bf5 100644 (file)
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -126,6 +126,9 @@ int nftnl_set_elem_set(struct nftnl_set_elem *s, uint16_t attr,
        case NFTNL_SET_ELEM_TIMEOUT:    /* NFTA_SET_ELEM_TIMEOUT */
                memcpy(&s->timeout, data, sizeof(s->timeout));
                break;
+       case NFTNL_SET_ELEM_EXPIRATION: /* NFTA_SET_ELEM_EXPIRATION */
+               memcpy(&s->expiration, data, sizeof(s->expiration));
+               break;
        case NFTNL_SET_ELEM_USERDATA: /* NFTA_SET_ELEM_USERDATA */
                if (s->flags & (1 << NFTNL_SET_ELEM_USERDATA))
                        xfree(s->user.data);
@@ -265,6 +268,8 @@ void nftnl_set_elem_nlmsg_build_payload(struct nlmsghdr *nlh,
                mnl_attr_put_u32(nlh, NFTA_SET_ELEM_FLAGS, htonl(e->set_elem_flags));
        if (e->flags & (1 << NFTNL_SET_ELEM_TIMEOUT))
                mnl_attr_put_u64(nlh, NFTA_SET_ELEM_TIMEOUT, htobe64(e->timeout));
+       if (e->flags & (1 << NFTNL_SET_ELEM_EXPIRATION))
+               mnl_attr_put_u64(nlh, NFTA_SET_ELEM_EXPIRATION, htobe64(e->expiration));
        if (e->flags & (1 << NFTNL_SET_ELEM_KEY)) {
                struct nlattr *nest1;