Element timeouts: Difference between revisions
Latest revision as of 09:06, 6 April 2020
The set infrastructure supports timeouts. A given timed set element has two attributes:
- timeout: A time value given in seconds (10s), minutes (12m), hours (2h) or a combination of them (2h12m10s). It does not change, and it is used to reset the expires value when required.
- expires: A countdown that starts at the timeout value. It can be reset from the packet path; otherwise the element is deleted when it reaches 0.
Example, with per-element timeout:
% nft add table inet myfilter
% nft add set inet myfilter myset {type ipv4_addr\; flags timeout\; }
% nft add element inet myfilter myset {10.0.0.1 timeout 10s }
% nft list ruleset
table inet myfilter {
    set myset {
        type ipv4_addr
        flags timeout
        elements = { 10.0.0.1 timeout 10s expires 8s}
    }
}
The timeout and expires parameters cannot be modified in this case. To reset them, delete the element and create it again:
% nft delete element inet myfilter myset { 10.0.0.1 }
% nft add element inet myfilter myset { 10.0.0.1 timeout 7s expires 5s }
To be able to reset the timer from the packet path, among other things, see Updating sets from the packet path.
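The following Python sketch is an added example, not part of the original wiki page or of nftables itself: it reads the timeout and expires values out of `nft list ruleset` output and builds the delete-and-recreate commands shown above. The function names, the sample listing and the `d` and `ms` units are assumptions made for the example.

```python
import re

# Milliseconds per unit. The page shows h, m and s; d and ms are assumed
# here from nft's wider time syntax.
_UNIT_MS = {"d": 86_400_000, "h": 3_600_000, "m": 60_000, "s": 1_000, "ms": 1}
_TOKEN = re.compile(r"(\d+)(ms|d|h|m|s)")
_ELEMENT = re.compile(r"(\S+) timeout (\S+)(?: expires (\S+))?")

def parse_duration(text):
    """Convert an nft time value such as '2h12m10s' to seconds."""
    pos = total_ms = 0
    for tok in _TOKEN.finditer(text):
        if tok.start() != pos:  # junk between two units
            break
        total_ms += int(tok.group(1)) * _UNIT_MS[tok.group(2)]
        pos = tok.end()
    if not text or pos != len(text):
        raise ValueError(f"not an nft time value: {text!r}")
    return total_ms / 1000

def timed_elements(listing):
    """Return (key, timeout_s, expires_s) for every timed set element."""
    found = []
    for body in re.findall(r"elements = \{([^}]*)\}", listing):
        for item in body.split(","):
            m = _ELEMENT.fullmatch(item.strip())
            if m:  # elements without a timeout are skipped
                key, timeout, expires = m.groups()
                found.append((key, parse_duration(timeout),
                              parse_duration(expires) if expires else None))
    return found

def reset_commands(key, timeout, family="inet", table="myfilter", name="myset"):
    """Build the delete-and-recreate sequence from the page for one element."""
    target = f"{family} {table} {name}"
    return [f"nft delete element {target} {{ {key} }}",
            f"nft add element {target} {{ {key} timeout {timeout} }}"]

# Constructed sample, modelled on the listing shown on this page.
SAMPLE = """table inet myfilter {
    set myset {
        type ipv4_addr
        flags timeout
        elements = { 10.0.0.1 timeout 10s expires 8s,
                     10.0.0.2 timeout 2h12m10s expires 1h3m9s996ms }
    }
}"""

if __name__ == "__main__":
    for key, timeout, expires in timed_elements(SAMPLE):
        print(key, timeout, expires, reset_commands(key, "10s"))
```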