git.baikalelectronics.ru Git - kernel.git/commit

author	Patrick McHardy <kaber@trash.net>
	Sun, 5 Apr 2015 12:41:08 +0000 (14:41 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 8 Apr 2015 14:58:27 +0000 (16:58 +0200)
commit	e907265f4d6d78b4dc4d9bd3e4cf3c73b319107f
tree	153c791a6efb2c0eb7aca4baecb84cb76199b706	tree \| snapshot
parent	f9055d20a22e4d6f11dcbd9d630b1db1b8ce895d	commit \| diff

netfilter: nf_tables: add support for dynamic set updates

Add a new "dynset" expression for dynamic set updates.

A new set op ->update() is added which, for non existant elements,
invokes an initialization callback and inserts the new element.
For both new or existing elements the extenstion pointer is returned
to the caller to optionally perform timer updates or other actions.

Element removal is not supported so far, however that seems to be a
rather exotic need and can be added later on.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
include/net/netfilter/nf_tables_core.h		diff \| blob \| history
include/uapi/linux/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nf_tables_core.c		diff \| blob \| history
net/netfilter/nft_dynset.c	[new file with mode: 0644]	blob
net/netfilter/nft_hash.c		diff \| blob \| history