From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 00/25] Netfilter/nftables updates for net-next
Date: Wed, 21 May 2014 11:42:58 +0200
Message-ID: <1400665402-5835-1-git-send-email-pablo@netfilter.org>

Hi David,

The following patchset contains Netfilter/nftables updates for net-next,
most relevantly they are:

1) Add set element update notification via netlink, from Arturo Borrero.

2) Put all object updates in one single message batch that is sent to
   kernel-space. Before this patch only rules were included in the batch.
   This series also introduces the generic transaction infrastructure so
   updates to all objects (tables, chains, rules and sets) are applied in
   an all-or-nothing fashion, these series from me.

3) Defer release of objects via call_rcu to reduce the time required to
   commit changes. The assumption is that all objects are destroyed in
   reverse order to ensure that dependencies between them are fulfilled
   (ie. rules and sets are destroyed first, then chains, and finally
   tables).

4) Allow to match by bridge port name, from Tomasz Bursztyka. This series
   includes two patches to prepare this new feature.

5) Implement the proper set selection based on the characteristics of the
   data. The new infrastructure also allows you to specify your preferences
   in terms of memory and computational complexity so the underlying set
   type is also selected according to your needs, from Patrick McHardy.

6) Several cleanup patches for nft expressions, including one minor possible
   compilation breakage due to missing mark support, also from Patrick.

You can pull these changes from:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables.git

Thanks!

----------------------------------------------------------------
The following changes since commit b1586f099ba897542ece36e8a23c1a62907261ef:

  netpoll: Use skb_irq_freeable to make zap_completion_queue safe. (2014-04-01 17:53:36 -0400)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables.git master

for you to fetch changes up to c7c32e72cbe23cea97c5d87ffcf6e23cc1ec1a65:

  netfilter: nf_tables: defer all object release via rcu (2014-05-19 12:06:13 +0200)

----------------------------------------------------------------
Arturo Borrero (1):
      netfilter: nf_tables: add set_elem notifications

Pablo Neira (1):
      netfilter: nf_tables: relax string validation of NFTA_CHAIN_TYPE

Pablo Neira Ayuso (14):
      netfilter: nf_tables: deconstify table and chain in context structure
      netfilter: nf_tables: generalise transaction infrastructure
      netfilter: nf_tables: relocate commit and abort routines in the source file
      netfilter: nf_tables: add message type to transactions
      netfilter: nf_tables: use new transaction infrastructure to handle sets
      netfilter: nf_tables: refactor chain statistic routines
      netfilter: nf_tables: use new transaction infrastructure to handle chain
      netfilter: nf_tables: disabling table hooks always succeeds
      netfilter: nf_tables: pass context to nf_tables_updtable()
      netfilter: nf_tables: use new transaction infrastructure to handle table
      netfilter: nf_tables: use new transaction infrastructure to handle elements
      netfilter: nf_tables: simplify nf_tables_*_notify
      netfilter: nf_tables: remove skb and nlh from context structure
      netfilter: nf_tables: defer all object release via rcu

Patrick McHardy (6):
      netfilter: nft_ct: add missing ifdef for NFT_MARK setting
      netfilter: nft_meta: split nft_meta_init() into two functions for get/set
      netfilter: nft_ct: split nft_ct_init() into two functions for get/set
      netfilter: nf_tables: implement proper set selection
      netfilter: nft_hash: use set global element counter instead of private one
      netfilter: nf_tables: handle more than 8 * PAGE_SIZE set name allocations

Tomasz Bursztyka (3):
      netfilter: nf_tables: Stack expression type depending on their family
      netfilter: nf_tables: Make meta expression core functions public
      netfilter: nf_tables: Add meta expression key for bridge interface name

include/net/netfilter/nf_tables.h | 130 +++-
include/net/netfilter/nft_meta.h | 36 +
include/uapi/linux/netfilter/nf_tables.h | 37 +
net/bridge/Makefile | 2 +-
net/bridge/netfilter/Kconfig | 14 +-
net/bridge/netfilter/Makefile | 1 +
net/bridge/netfilter/nft_meta_bridge.c | 139 ++++
net/netfilter/nf_tables_api.c | 1236 +++++++++++++++++++++---------
net/netfilter/nft_ct.c | 96 ++-
net/netfilter/nft_hash.c | 54 +-
net/netfilter/nft_lookup.c | 10 +-
net/netfilter/nft_meta.c | 103 ++-
net/netfilter/nft_rbtree.c | 21 +
13 files changed, 1407 insertions(+), 472 deletions(-)
create mode 100644 include/net/netfilter/nft_meta.h
create mode 100644 net/bridge/netfilter/nft_meta_bridge.c

Thread overview: 26+ messages
2014-05-21 9:42 Pablo Neira Ayuso [this message]
2014-05-21 9:42 ` [PATCH 01/25] netfilter: nft_ct: add missing ifdef for NFT_MARK setting Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 02/25] netfilter: nft_meta: split nft_meta_init() into two functions for get/set Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 03/25] netfilter: nft_ct: split nft_ct_init() " Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 04/25] netfilter: nf_tables: implement proper set selection Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 05/25] netfilter: nft_hash: use set global element counter instead of private one Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 06/25] netfilter: nf_tables: add set_elem notifications Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 07/25] netfilter: nf_tables: handle more than 8 * PAGE_SIZE set name allocations Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 08/25] netfilter: nf_tables: Stack expression type depending on their family Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 10/25] netfilter: nf_tables: Add meta expression key for bridge interface name Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 11/25] netfilter: nf_tables: relax string validation of NFTA_CHAIN_TYPE Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 12/25] netfilter: nf_tables: deconstify table and chain in context structure Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 13/25] netfilter: nf_tables: generalise transaction infrastructure Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 14/25] netfilter: nf_tables: relocate commit and abort routines in the source file Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 15/25] netfilter: nf_tables: add message type to transactions Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 16/25] netfilter: nf_tables: use new transaction infrastructure to handle sets Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 17/25] netfilter: nf_tables: refactor chain statistic routines Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 18/25] netfilter: nf_tables: use new transaction infrastructure to handle chain Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 19/25] netfilter: nf_tables: disabling table hooks always succeeds Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 20/25] netfilter: nf_tables: pass context to nf_tables_updtable() Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 21/25] netfilter: nf_tables: use new transaction infrastructure to handle table Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 22/25] netfilter: nf_tables: use new transaction infrastructure to handle elements Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 23/25] netfilter: nf_tables: simplify nf_tables_*_notify Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 24/25] netfilter: nf_tables: remove skb and nlh from context structure Pablo Neira Ayuso
2014-05-21 9:43 ` [PATCH 25/25] netfilter: nf_tables: defer all object release via rcu Pablo Neira Ayuso
2014-05-22 16:09 ` [PATCH 00/25] Netfilter/nftables updates for net-next David Miller