On Mon, Dec 12, 2022 at 11:04:33AM +0100, Florian Westphal wrote:
> When "update" is used with a map, nft will ignore a given timeout.
> Futhermore, listing is broken, only the first data expression
> gets decoded:
>
> in:
> meta l4proto tcp update @pinned { ip saddr . ct original proto-src : ip daddr . ct original proto-dst timeout 90s }
> out:
> meta l4proto tcp update @pinned { ip saddr . ct original proto-src : ip daddr }
>
> Missing timeout is input bug (never passed to kernel), mussing
> "proto-dst" is output bug.
>
> Also add a test case.
Series LGTM, thanks.
I might follow up to restrict the timeout to the key side unless you
would like to look into this.
