netfilter: nf_tables: add set element timeout support

Add API support for set element timeouts. Elements can have a individual timeout value specified, overriding the sets' default. Two new extension types are used for timeouts - the timeout value and the expiration time. The timeout value only exists if it differs from the default value. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2015-03-26 08:39:37 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-04-01 05:17:28 -0400
commit: c3e1b005ed1cc068fc9d454a6e745830d55d251d (patch)
tree: 8d0a0ecff6682b87f1c0811f52c8ad933ab64d2d /include/uapi
parent: 761da2935d6e18d178582dbdf315a3a458555505 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 971d245e7378..83441cc4594b 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -290,12 +290,16 @@ enum nft_set_elem_flags {
 * @NFTA_SET_ELEM_KEY: key value (NLA_NESTED: nft_data)
 * @NFTA_SET_ELEM_DATA: data value of mapping (NLA_NESTED: nft_data_attributes)
 * @NFTA_SET_ELEM_FLAGS: bitmask of nft_set_elem_flags (NLA_U32)
+ * @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64)
+ * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
 */
 enum nft_set_elem_attributes {
        NFTA_SET_ELEM_UNSPEC,
        NFTA_SET_ELEM_KEY,
        NFTA_SET_ELEM_DATA,
        NFTA_SET_ELEM_FLAGS,
+        NFTA_SET_ELEM_TIMEOUT,
+        NFTA_SET_ELEM_EXPIRATION,
        __NFTA_SET_ELEM_MAX
 };
 #define NFTA_SET_ELEM_MAX       (__NFTA_SET_ELEM_MAX - 1)
author	Patrick McHardy <kaber@trash.net>	2015-03-26 08:39:37 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-04-01 05:17:28 -0400
commit	c3e1b005ed1cc068fc9d454a6e745830d55d251d (patch)
tree	8d0a0ecff6682b87f1c0811f52c8ad933ab64d2d /include/uapi
parent	761da2935d6e18d178582dbdf315a3a458555505 (diff)