[Bug 1377] New: set timeout > 23d

Tue Nov 5 19:44:51 CET 2019

https://bugzilla.netfilter.org/show_bug.cgi?id=1377

            Bug ID: 1377
           Summary: set timeout > 23d
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Debian GNU/Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: kernel
          Assignee: pablo at netfilter.org
          Reporter: acc-nftbls at online.de

it appears that Bug 1237 has not fixed the issue for timeouts provided in rules

kernel version: 4.19.67

# nft add set ip filter test \{type ipv4_addr\; timeout 30d\; flags timeout\;\}
# nft list set ip filter test
table ip filter {
    set test {
        type ipv4_addr
        size 65535
        timeout 30d <-- OK
    }
}

# nft add rule ip filter test tcp dport 12345  set update ip saddr timeout 30d
@test
# nft list chain ip filter test
table ip filter {
    chain test {
        tcp dport 12345 update @test { ip saddr timeout 49d17h2m47s288ms } <--
NOT OK
    }
}

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20191105/12d230b5/attachment.html>