git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 2 Sep 2024 23:32:05 +0000 (01:32 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 17 Sep 2024 19:26:50 +0000 (21:26 +0200)
commit	1a4e7c6fd6b5f4b3fd2fa38eacc92cf3d1a3717f
tree	c210d079ed7c5d3f476ad57e7970c339e265d160	tree
parent	3a9cb020a27bb8447e6325eb20605f62e95bc599	commit \| diff

src: support for timeout never in elements

Allow to specify elements that never expire in sets with global
timeout.

    set x {
        typeof ip saddr
        timeout 1m
        elements = { 1.1.1.1 timeout never,
                     2.2.2.2,
                     3.3.3.3 timeout 2m }
    }

in this example above:

- 1.1.1.1 is a permanent element
- 2.2.2.2 expires after 1 minute (uses default set timeout)
- 3.3.3.3 expires after 2 minutes (uses specified timeout override)

Use internal NFT_NEVER_TIMEOUT marker as UINT64_MAX to differenciate
between use default set timeout and timeout never if "timeout N" is used
in set declaration. Maximum supported timeout in milliseconds which is
conveyed within a netlink attribute is 0x10c6f7a0b5ec.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/nftables.h		diff \| blob \| blame \| history
src/expression.c		diff \| blob \| blame \| history
src/netlink.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history