From: Patrick McHardy <kaber@trash.net>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: Re: [PATCH 02/13] IP set core support
Date: Tue, 01 Feb 2011 15:31:37 +0100
Message-ID: <4D481949.4040709@trash.net>
In-Reply-To: <1296514388-20900-3-git-send-email-kadlec@blackhole.kfki.hu>

On 31.01.2011 23:52, Jozsef Kadlecsik wrote:
> The patch adds the IP set core support to the kernel.
> 
> The IP set core implements a netlink (nfnetlink) based protocol by which
> one can create, destroy, flush, rename, swap, list, save, restore sets,
> and add, delete, test elements from userspace. For simplicity (and backward
> compatibility and for not to force ip(6)tables to be linked with a netlink
> library) reasons a small getsockopt-based protocol is also kept in order
> to communicate with the ip(6)tables match and target.
> 
> The netlink protocol passes all u16, etc values in network order with
> NLA_F_NET_BYTEORDER flag. The protocol enforces the proper use of the
> NLA_F_NESTED and NLA_F_NET_BYTEORDER flags.
> 
> For other kernel subsystems (netfilter match and target) the API contains
> the functions to add, delete and test elements in sets and the required calls
> to get/put references to the sets before those operations can be performed.
> 
> The set types (which are implemented in independent modules) are stored
> in a simple RCU protected list. A set type may have variants: for example
> without timeout or with timeout support, for IPv4 or for IPv6. The sets
> (i.e. the pointers to the sets) are stored in an array. The sets are
> identified by their index in the array, which makes possible easy and
> fast swapping of sets. The array is protected indirectly by the nfnl
> mutex from nfnetlink. The content of the sets is protected by the rwlock
> of the set.
> 
> There are functional differences between the add/del/test functions
> for the kernel and userspace:
> 
> - kernel add/del/test: works on the current packet (i.e. one element)
> - kernel test: may trigger an "add" operation in order to fill
>   out unspecified parts of the element from the packet (like MAC address)
> - userspace add/del: works on the netlink message and thus possibly
>   on multiple elements from the IPSET_ATTR_ADT container attribute.
> - userspace add: may trigger resizing of a set
> 

Applied, thanks Jozsef.
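
Added example (not part of the original message, the patch, or the ipset code base): a userspace sketch of the flag enforcement the quoted commit message describes, rejecting any attribute whose NLA_F_NESTED / NLA_F_NET_BYTEORDER bits or payload size do not match a per-attribute policy. The attribute ids (EX_*), the policy table and the helper names are hypothetical; only the two flag values are taken from linux/netlink.h.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
/* Flag bits carried in nla_type; values as in linux/netlink.h. */
#define NLA_F_NESTED        (1 << 15)
#define NLA_F_NET_BYTEORDER (1 << 14)
#define NLA_FLAGS           (NLA_F_NESTED | NLA_F_NET_BYTEORDER)
#define NLA_HDRLEN          4
#define NLA_ALIGN(n)        (((n) + 3u) & ~3u)
/* Hypothetical attribute ids and policy, constructed for this example. */
enum { EX_NAME = 1, EX_DATA, EX_PORT, EX_MAX = EX_PORT };
struct rule { uint16_t flags, plen; };          /* plen 0: variable length */
static const struct rule pol[EX_MAX + 1] = { [EX_NAME] = { 0, 0 },
    [EX_DATA] = { NLA_F_NESTED, 0 }, [EX_PORT] = { NLA_F_NET_BYTEORDER, 2 } };

/* 0 only if each attribute is in bounds with the flags and size its rule requires. */
int validate_attrs(const uint8_t *buf, size_t len)
{
    while (len >= NLA_HDRLEN) {
        uint16_t alen, type;                    /* header is host-endian */
        memcpy(&alen, buf, 2); memcpy(&type, buf + 2, 2);
        unsigned id = type & ~NLA_FLAGS, plen = alen - NLA_HDRLEN;
        if (alen < NLA_HDRLEN || alen > len || id == 0 || id > EX_MAX) return -1;
        if ((type & NLA_FLAGS) != pol[id].flags || (pol[id].plen && plen != pol[id].plen)) return -1;
        /* Flags now equal the rule, so a set NESTED bit means a container: recurse. */
        if ((type & NLA_F_NESTED) && validate_attrs(buf + NLA_HDRLEN, plen)) return -1;
        size_t step = NLA_ALIGN(alen) > len ? len : NLA_ALIGN(alen);
        buf += step; len -= step;               /* last attribute may be unpadded */
    }
    return len == 0 ? 0 : -1;
}

/* Append one attribute at buf+off; returns the next aligned offset. */
size_t put_attr(uint8_t *buf, size_t off, uint16_t type, const void *data, uint16_t plen)
{
    uint16_t alen = NLA_HDRLEN + plen;
    memset(buf + off, 0, NLA_ALIGN(alen));      /* never leak stale padding bytes */
    memcpy(buf + off, &alen, 2); memcpy(buf + off + 2, &type, 2);
    memcpy(buf + off + NLA_HDRLEN, data, plen);
    return off + NLA_ALIGN(alen);
}

/* Constructed sample: NAME "blk", DATA { PORT 80 }, flags chosen by caller. */
size_t build_sample(uint8_t *out, uint16_t port_flags, uint16_t data_flags)
{
    uint8_t in[8];
    uint16_t port = htons(80);
    size_t n = put_attr(in, 0, EX_PORT | port_flags, &port, 2);
    return put_attr(out, put_attr(out, 0, EX_NAME, "blk", 4), EX_DATA | data_flags, in, n);
}
```

Calling `build_sample()` with a flag left out shows the same payload bytes being rejected purely on the missing flag, which is the strictness the commit message refers to.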
