Element timeouts: Difference between revisions
Jump to navigation
Jump to search
(add pointer to Updating sets from the packet path) |
No edit summary |
||
| Line 1: | Line 1: | ||
The set infrastructure support establishing timeouts. A given set element which is given a timeout will be deleted from the set after the timeout expires. | The '''set''' infrastructure support establishing timeouts. A given '''set element''' which is given a '''timeout''' will be deleted from the '''set''' after the timeout expires. | ||
Example, with per-element timeout: | Example, with per-element timeout: | ||
<source lang="bash"> | <source lang="bash"> | ||
% nft add table inet | % nft add table inet myfilter | ||
% nft add set inet | % nft add set inet myfilter myset {type ipv4_addr\; flags timeout\; } | ||
% nft add element inet | % nft add element inet myfilter myset {10.0.0.1 timeout 10s } | ||
% nft list ruleset | % nft list ruleset | ||
table inet | table inet myfilter { | ||
set myset { | set myset { | ||
type ipv4_addr | type ipv4_addr | ||
| Line 17: | Line 17: | ||
</source> | </source> | ||
'''timeout''' and '''expires''' parameters cannot be modified in this case. The element should be recreated again if you need to reset them. In order to be able to reset it from packet path among other things you can use this feature by [[Updating sets from the packet path]]. | |||
Revision as of 18:52, 5 April 2020
The set infrastructure support establishing timeouts. A given set element which is given a timeout will be deleted from the set after the timeout expires.
Example, with per-element timeout:
% nft add table inet myfilter
% nft add set inet myfilter myset {type ipv4_addr\; flags timeout\; }
% nft add element inet myfilter myset {10.0.0.1 timeout 10s }
% nft list ruleset
table inet myfilter {
set myset {
type ipv4_addr
flags timeout
elements = { 10.0.0.1 timeout 10s expires 8s}
}
}
timeout and expires parameters cannot be modified in this case. The element should be recreated again if you need to reset them. In order to be able to reset it from packet path among other things you can use this feature by Updating sets from the packet path.