Map updates can use timeouts, just like with sets, but the
linearization step did not pass this info to the kernel.
meta l4proto tcp update @pinned { ip saddr . ct original proto-src : ip daddr . ct original proto-dst timeout 90s
Listing this won't show the "timeout 90s" because kernel never saw it to
begin with.
NB: The above line attaches the timeout to the data element,
but there are no separate timeouts for the key and the value.
An alternative is to reject "key : value timeout X" from the parser
or evaluation step.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/netlink_linearize.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index c8bbcb7452b0..765b12263fa3 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1520,6 +1520,13 @@ static void netlink_gen_map_stmt(struct netlink_linearize_ctx *ctx,
nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_SET_ID, set->handle.set_id);
nft_rule_add_expr(ctx, nle, &stmt->location);
+ if (stmt->map.key->timeout > 0)
+ nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
+ stmt->map.key->timeout);
+ else if (stmt->map.data->timeout > 0)
+ nftnl_expr_set_u64(nle, NFTNL_EXPR_DYNSET_TIMEOUT,
+ stmt->map.data->timeout);
+
list_for_each_entry(this, &stmt->map.stmt_list, list)
num_stmts++;
--
2.38.1
