]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f7e89eb) | patch
netfilter: nf_tables: garbage collection for stateful expressions
authorPablo Neira Ayuso <pablo@netfilter.org>
Sat, 2 Jun 2018 21:38:49 +0000 (23:38 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 2 Jun 2018 22:02:10 +0000 (00:02 +0200)
commit3a92dc62d19b718b82e6d86002d2516984cd89c9
tree5093b803e1add42afa344cb0d70f8d2afac7a5e2tree | snapshot
parentf7e89eb381f44a3ada5f14732e6b18f6377ecff7commit | diff
netfilter: nf_tables: garbage collection for stateful expressions

Use garbage collector to schedule removal of elements based of feedback
from expression that this element comes with. Therefore, the garbage
collector is not guided by timeout expirations in this new mode.

The new connlimit expression sets on the NFT_EXPR_GC flag to enable this
behaviour, the dynset expression needs to explicitly enable the garbage
collector via set->ops->gc_init call.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h diff | blob | history
net/netfilter/nft_dynset.c diff | blob | history
net/netfilter/nft_set_hash.c diff | blob | history
Linux Kernel Source Tree.