From: Eric Garver <eric@garver.life>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft,v2 0/7] cache updates
Date: Mon, 26 Aug 2024 11:29:20 -0400 [thread overview]
Message-ID: <ZsyfUE24_cmTtLiL@egarver-mac> (raw)
In-Reply-To: <20240826085455.163392-1-pablo@netfilter.org>
On Mon, Aug 26, 2024 at 10:54:48AM +0200, Pablo Neira Ayuso wrote:
> Hi,
>
> The following patchset contains cache updates for nft:
>
> Patch #1 resets filtering for each new command
>
> Patch #2 accumulates cache flags for each command, recent patches are
> relaxing cache requirements which could uncover bugs.
>
> Patch #3 updates objects to use the netlink dump filtering infrastructure
> to build the cache (
>
> Patch #4 only dumps rules for the given table
>
> Patch #5 updates reset commands to use the cache infrastructure
>
> Patch #6 and #7 extend tests coverage for reset commands.
>
> Pablo Neira Ayuso (7):
> cache: reset filter for each command
> cache: accumulate flags in batch
> cache: add filtering support for objects
> cache: only dump rules for the given table
> cache: consolidate reset command
> tests: shell: cover anonymous set with reset command
> tests: shell: cover reset command with counter and quota
>
> include/cache.h | 12 +-
> include/netlink.h | 5 -
> src/cache.c | 201 ++++++++++++++----
> src/evaluate.c | 2 +
> src/mnl.c | 7 +-
> src/netlink.c | 78 -------
> src/parser_bison.y | 8 +-
> src/rule.c | 48 +----
> tests/shell/testcases/listing/reset_objects | 104 +++++++++
> .../testcases/rule_management/0011reset_0 | 31 ++-
> 10 files changed, 305 insertions(+), 191 deletions(-)
> create mode 100755 tests/shell/testcases/listing/reset_objects
>
> --
> 2.30.2
I ran this against the firewalld testsuite; lgtm. It does not cover
"reset" commands.
Tested-by: Eric Garver <eric@garver.life>
next prev parent reply other threads:[~2024-08-26 15:29 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-26 8:54 [PATCH nft,v2 0/7] cache updates Pablo Neira Ayuso
2024-08-26 8:54 ` [PATCH nft,v2 1/7] cache: reset filter for each command Pablo Neira Ayuso
2024-08-26 8:54 ` [PATCH nft,v2 2/7] cache: accumulate flags in batch Pablo Neira Ayuso
2024-08-26 8:54 ` [PATCH nft,v2 3/7] cache: add filtering support for objects Pablo Neira Ayuso
2024-08-26 8:54 ` [PATCH nft,v2 4/7] cache: only dump rules for the given table Pablo Neira Ayuso
2024-08-26 8:54 ` [PATCH nft,v2 5/7] cache: consolidate reset command Pablo Neira Ayuso
2024-09-25 22:47 ` Phil Sutter
2024-09-26 14:34 ` Pablo Neira Ayuso
2024-09-26 14:40 ` Phil Sutter
2024-08-26 8:54 ` [PATCH nft,v2 6/7] tests: shell: cover anonymous set with " Pablo Neira Ayuso
2024-08-26 8:54 ` [PATCH nft,v2 7/7] tests: shell: cover reset command with counter and quota Pablo Neira Ayuso
2024-08-26 15:29 ` Eric Garver [this message]
2024-08-28 14:35 ` [PATCH nft,v2 0/7] cache updates Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZsyfUE24_cmTtLiL@egarver-mac \
--to=eric@garver.life \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).