When "update" is used with a map, nft will ignore a given timeout.
Futhermore, listing is broken, only the first data expression
gets decoded:
in:
meta l4proto tcp update @pinned { ip saddr . ct original proto-src : ip daddr . ct original proto-dst timeout 90s }
out:
meta l4proto tcp update @pinned { ip saddr . ct original proto-src : ip daddr }
Missing timeout is input bug (never passed to kernel), mussing
"proto-dst" is output bug.
Also add a test case.
Florian Westphal (3):
netlink_delinearize: fix decoding of concat data element
netlink_linearize: fix timeout with map updates
tests: add a test case for map update from packet path with concat
src/netlink_delinearize.c | 8 ++++++++
src/netlink_linearize.c | 7 +++++++
.../maps/dumps/typeof_maps_concat_update_0.nft | 12 ++++++++++++
.../testcases/maps/typeof_maps_concat_update_0 | 18 ++++++++++++++++++
4 files changed, 45 insertions(+)
create mode 100644 tests/shell/testcases/maps/dumps/typeof_maps_concat_update_0.nft
create mode 100755 tests/shell/testcases/maps/typeof_maps_concat_update_0
--
2.38.1
