git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 5 Dec 2016 22:35:50 +0000 (23:35 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 7 Dec 2016 12:31:40 +0000 (13:31 +0100)
commit	118974179f7f47473723ce98b58fcc65c3188b61
tree	46ec4f0de82337a234b88ff58aedccd3b6486525	tree \| snapshot
parent	1a0b60c807de2e2bdcc7fc3833a92f0628c3da1b	commit \| diff

netfilter: nf_tables: support for set flushing

This patch adds support for set flushing, that consists of walking over
the set elements if the NFTA_SET_ELEM_LIST_ELEMENTS attribute is set.
This patch requires the following changes:

1) Add set->ops->deactivate_one() operation: This allows us to
   deactivate an element from the set element walk path, given we can
   skip the lookup that happens in ->deactivate().

2) Add a new nft_trans_alloc_gfp() function since we need to allocate
   transactions using GFP_ATOMIC given the set walk path happens with
   held rcu_read_lock.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_set_hash.c		diff \| blob \| history
net/netfilter/nft_set_rbtree.c		diff \| blob \| history