Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> On Mon, Dec 12, 2022 at 11:04:33AM +0100, Florian Westphal wrote:
> > When "update" is used with a map, nft will ignore a given timeout.
> > Futhermore, listing is broken, only the first data expression
> > gets decoded:
> >
> > in:
> > meta l4proto tcp update @pinned { ip saddr . ct original proto-src : ip daddr . ct original proto-dst timeout 90s }
> > out:
> > meta l4proto tcp update @pinned { ip saddr . ct original proto-src : ip daddr }
> >
> > Missing timeout is input bug (never passed to kernel), mussing
> > "proto-dst" is output bug.
> >
> > Also add a test case.
>
> Series LGTM, thanks.
>
> I might follow up to restrict the timeout to the key side unless you
> would like to look into this.
I've pushed this series out; I fixed the typo in patch 1 and I
mangled patch 2 to reject data-element timeouts from the eval phase.
