Ander Juaristi <a@xxxxxxxxxxxx> wrote: > diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c > index 987d2d6ce624..a684abd00597 100644 > --- a/net/netfilter/nft_meta.c > +++ b/net/netfilter/nft_meta.c > @@ -50,6 +50,7 @@ void nft_meta_get_eval(const struct nft_expr *expr, > const struct net_device *in = nft_in(pkt), *out = nft_out(pkt); > struct sock *sk; > u32 *dest = ®s->data[priv->dreg]; > + s64 *d64; > #ifdef CONFIG_NF_TABLES_BRIDGE > const struct net_bridge_port *p; > #endif > @@ -254,6 +255,28 @@ void nft_meta_get_eval(const struct nft_expr *expr, > goto err; > strncpy((char *)dest, out->rtnl_link_ops->kind, IFNAMSIZ); > break; > + case NFT_META_TIME: > + d64 = (s64 *) dest; > + *d64 = get_seconds(); Nit; why limit this to 1 second granularity and not use ktime_get_real_ns() here instead? I don't mind, we could add NFT_META_TIME_NS if needed. Otherwise, this looks good to me. We could also split nft_meta_get_eval and add nft_meta_get_time_eval() to avoid increasing size of that function but its not a huge deal and could be done later anyway.
