summaryrefslogtreecommitdiff
path: root/include/net/netfilter
diff options
context:
space:
mode:
authorLaura Garcia Liebana <nevola@gmail.com>2019-06-18 11:11:02 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2019-06-19 17:48:36 +0200
commit79ebb5bb4e38a58ca796dd242b855a4982e101d7 (patch)
tree3699b34059266b749667aea4dc780db366136648 /include/net/netfilter
parent2f0513d487d2619c751fd08f5b7c64e759435ff4 (diff)
netfilter: nf_tables: enable set expiration time for set elements
Currently, the expiration of every element in a set or map is a read-only parameter generated at kernel side. This change will permit to set a certain expiration date per element that will be required, for example, during stateful replication among several nodes. This patch handles the NFTA_SET_ELEM_EXPIRATION in order to configure the expiration parameter per element, or will use the timeout in the case that the expiration is not set. Signed-off-by: Laura Garcia Liebana <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter')
-rw-r--r--include/net/netfilter/nf_tables.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 5b8624ae4a27..9e8493aad49d 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -636,7 +636,7 @@ static inline struct nft_object **nft_set_ext_obj(const struct nft_set_ext *ext)
void *nft_set_elem_init(const struct nft_set *set,
const struct nft_set_ext_tmpl *tmpl,
const u32 *key, const u32 *data,
- u64 timeout, gfp_t gfp);
+ u64 timeout, u64 expiration, gfp_t gfp);
void nft_set_elem_destroy(const struct nft_set *set, void *elem,
bool destroy_expr);