netfilter: nf_tables: Introduce NFT_MSG_GETSETELEM_RESET

Analogous to NFT_MSG_GETOBJ_RESET, but for set elements with a timeout or attached stateful expressions like counters or quotas - reset them all at once. Respect a per element timeout value if present to reset the 'expires' value to. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2023-06-15 17:31:40 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-06-26 09:05:57 +0300
commit: 079cd633219d7298d087cd115c17682264244c18 (patch)
tree: b8c1750e04f34eba9d0edc21aa264639abf73aec /include/uapi
parent: 4589725502871e77d06464f731f92fd9173e2be6 (diff)
download: linux-079cd633219d7298d087cd115c17682264244c18.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index e059dc2644df..8466c2a9938f 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -105,6 +105,7 @@ enum nft_verdicts {
  * @NFT_MSG_DESTROYSETELEM: destroy a set element (enum nft_set_elem_attributes)
  * @NFT_MSG_DESTROYOBJ: destroy a stateful object (enum nft_object_attributes)
  * @NFT_MSG_DESTROYFLOWTABLE: destroy flow table (enum nft_flowtable_attributes)
+ * @NFT_MSG_GETSETELEM_RESET: get set elements and reset attached stateful expressions (enum nft_set_elem_attributes)
  */
 enum nf_tables_msg_types {
 	NFT_MSG_NEWTABLE,
@@ -140,6 +141,7 @@ enum nf_tables_msg_types {
 	NFT_MSG_DESTROYSETELEM,
 	NFT_MSG_DESTROYOBJ,
 	NFT_MSG_DESTROYFLOWTABLE,
+	NFT_MSG_GETSETELEM_RESET,
 	NFT_MSG_MAX,
 };
author	Phil Sutter <phil@nwl.cc>	2023-06-15 17:31:40 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-06-26 09:05:57 +0300
commit	079cd633219d7298d087cd115c17682264244c18 (patch)
tree	b8c1750e04f34eba9d0edc21aa264639abf73aec /include/uapi
parent	4589725502871e77d06464f731f92fd9173e2be6 (diff)
download	linux-079cd633219d7298d087cd115c17682264244c18.tar.xz