From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, Eric Garver <e@erig.me>
Subject: [nft PATCH v4 0/7] Cache update fix && intra-transaction rule references
Date: Tue, 28 May 2019 23:03:16 +0200
Message-ID: <20190528210323.14605-1-phil@nwl.cc>

This series combines the two series submitted earlier since they became
closely related in this iteration.

Patch 1 fixes a basic problem with cache_flush() after Eric's
cache_needs_more() change.

Patches 2, 3, 5 and 6 are requirements for patches 4 and 7 which are the
interesting ones: Patch 4 restores needed cache entries from command
list after a cache update. Patch 7 enables referencing a rule added by
the same transaction from another new rule by further exploiting the
logic added by patch 4.

Changes since v2 of "Resolve cache update woes" and v1 of "Support
intra-transaction rule references":
- Adjust cache_release() just like cache_flush().
- Split preparation work into separate patches.
- Adjust cache_add_commands() for later reuse by rule reference code,
  also add error handling in case kernel ruleset changes incompatibly.
- Finally drop that workaround in tests/json_echo.
- Introduce rule_cache_update() as requested.
- Avoid fetching a full cache if the new rule does not contain any
  reference.

Phil Sutter (7):
  src: Fix cache_flush() in cache_needs_more() logic
  libnftables: Keep list of commands in nft context
  src: Make {table,chain}_not_found() public
  src: Restore local entries after cache update
  rule: Introduce rule_lookup_by_index()
  src: Make cache_is_complete() public
  src: Support intra-transaction rule references

 include/nftables.h                            |   1 +
 include/rule.h                                |  12 ++
 src/evaluate.c                                | 107 +++++++-----
 src/libnftables.c                             |  21 ++-
 src/mnl.c                                     |   4 +
 src/rule.c                                    | 152 +++++++++++++++++-
 tests/json_echo/run-test.py                   |   6 +-
 .../shell/testcases/cache/0003_cache_update_0 |   7 +
 .../shell/testcases/nft-f/0006action_object_0 |   2 +-
 tests/shell/testcases/transactions/0024rule_0 |  17 ++
 .../transactions/dumps/0024rule_0.nft         |   8 +
 11 files changed, 280 insertions(+), 57 deletions(-)
 create mode 100755 tests/shell/testcases/transactions/0024rule_0
 create mode 100644 tests/shell/testcases/transactions/dumps/0024rule_0.nft

--
2.21.0