]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3230aa8) | patch
netfilter: nf_tables: garbage collection for stateful expressions
authorPablo Neira Ayuso <pablo@netfilter.org>
Sat, 2 Jun 2018 21:38:49 +0000 (23:38 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sat, 2 Jun 2018 22:02:10 +0000 (00:02 +0200)
commit81d4b192aeda7d63015d0ea3fe05cc4f69406ac5
tree5093b803e1add42afa344cb0d70f8d2afac7a5e2tree | snapshot
parent3230aa845e75ab9b3685091d1d0226fad8843a7acommit | diff
netfilter: nf_tables: garbage collection for stateful expressions

Use garbage collector to schedule removal of elements based of feedback
from expression that this element comes with. Therefore, the garbage
collector is not guided by timeout expirations in this new mode.

The new connlimit expression sets on the NFT_EXPR_GC flag to enable this
behaviour, the dynset expression needs to explicitly enable the garbage
collector via set->ops->gc_init call.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h diff | blob | history
net/netfilter/nft_dynset.c diff | blob | history
net/netfilter/nft_set_hash.c diff | blob | history
Linux Kernel Source Tree.