From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, Florian Westphal <fw@strlen.de>,
Eric Garver <e@erig.me>
Subject: Re: [nf-next PATCH v6 00/12] Dynamic hook interface binding part 2
Date: Tue, 20 May 2025 12:58:40 +0200
Message-ID: <aCxgYJAE5G7nMi7V@orbyte.nwl.cc>
In-Reply-To: <20250415154440.22371-1-phil@nwl.cc>

Bump!

Anything I can do to help push this forward? The series I submitted to
add support for this to libnftnl and nftables should still apply as-is.
Anything else missing on my end? Or should I try to break this down into
smaller patches/chunks?

Thanks, Phil

On Tue, Apr 15, 2025 at 05:44:28PM +0200, Phil Sutter wrote:
> Changes since v5:
> - First part split into separate series (applied and present in Linus'
> git already).
> - Add nft_hook_find_ops_rcu() in patch 2 already to reduce size of patch
> 5.
> - New patch 4 to reduce size of patch 5.
> - New patch 6 preparing for patch 7 which in turn combines identical
> changes to both flowtables and netdev chains.
>
> Patches 1-5 prepare for and implement nf_hook_ops lists in nft_hook
> objects. This is crucial for wildcard interface specs and convenient
> with dynamic netdev hook registration upon NETDEV_REGISTER events.
>
> Patches 6-9 leverage the new infrastructure to correctly handle
> NETDEV_REGISTER and NETDEV_CHANGENAME events.
>
> Patch 10 prepares the code for non-NUL-terminated interface names passed
> by user space which resemble prefixes to match on. As a side-effect,
> hook allocation code becomes tolerant to non-matching interface specs.
>
> The final two patches implement netlink notifications for netdev
> add/remove events and add a kselftest.
>
> Phil Sutter (12):
> netfilter: nf_tables: Introduce functions freeing nft_hook objects
> netfilter: nf_tables: Introduce nft_hook_find_ops{,_rcu}()
> netfilter: nf_tables: Introduce nft_register_flowtable_ops()
> netfilter: nf_tables: Pass nf_hook_ops to
> nft_unregister_flowtable_hook()
> netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook
> netfilter: nf_tables: Prepare for handling NETDEV_REGISTER events
> netfilter: nf_tables: Respect NETDEV_REGISTER events
> netfilter: nf_tables: Wrap netdev notifiers
> netfilter: nf_tables: Handle NETDEV_CHANGENAME events
> netfilter: nf_tables: Support wildcard netdev hook specs
> netfilter: nf_tables: Add notications for hook changes
> selftests: netfilter: Torture nftables netdev hooks
>
> include/linux/netfilter.h | 3 +
> include/net/netfilter/nf_tables.h | 12 +-
> include/uapi/linux/netfilter/nf_tables.h | 10 +
> net/netfilter/nf_tables_api.c | 394 ++++++++++++++----
> net/netfilter/nf_tables_offload.c | 51 ++-
> net/netfilter/nft_chain_filter.c | 95 ++++-
> net/netfilter/nft_flow_offload.c | 2 +-
> .../testing/selftests/net/netfilter/Makefile | 1 +
> .../net/netfilter/nft_interface_stress.sh | 151 +++++++
> 9 files changed, 587 insertions(+), 132 deletions(-)
> create mode 100755 tools/testing/selftests/net/netfilter/nft_interface_stress.sh
>
> --
> 2.49.0
>
>
>

Thread overview: 21+ messages
2025-04-15 15:44 [nf-next PATCH v6 00/12] Dynamic hook interface binding part 2 Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 01/12] netfilter: nf_tables: Introduce functions freeing nft_hook objects Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 02/12] netfilter: nf_tables: Introduce nft_hook_find_ops{,_rcu}() Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 03/12] netfilter: nf_tables: Introduce nft_register_flowtable_ops() Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 04/12] netfilter: nf_tables: Pass nf_hook_ops to nft_unregister_flowtable_hook() Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 05/12] netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 06/12] netfilter: nf_tables: Prepare for handling NETDEV_REGISTER events Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 07/12] netfilter: nf_tables: Respect " Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 08/12] netfilter: nf_tables: Wrap netdev notifiers Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 09/12] netfilter: nf_tables: Handle NETDEV_CHANGENAME events Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 10/12] netfilter: nf_tables: Support wildcard netdev hook specs Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 11/12] netfilter: nf_tables: Add notications for hook changes Phil Sutter
2025-04-15 15:44 ` [nf-next PATCH v6 12/12] selftests: netfilter: Torture nftables netdev hooks Phil Sutter
2025-05-20 10:58 ` Phil Sutter [this message]
2025-05-20 11:03 ` [nf-next PATCH v6 00/12] Dynamic hook interface binding part 2 Pablo Neira Ayuso
2025-05-20 11:08 ` Phil Sutter
2025-05-20 22:28 ` Pablo Neira Ayuso
2025-05-21 15:32 ` Phil Sutter
2025-05-21 15:49 ` Phil Sutter
2025-05-21 15:51 ` Pablo Neira Ayuso
2025-05-21 16:46 ` Phil Sutter