Netfilter-Devel Archive on lore.kernel.org
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next 0/5,v2] nftables: support for implicit chains binding
Date: Mon, 29 Jun 2020 23:03:32 +0200
Message-ID: <20200629210337.30008-1-pablo@netfilter.org>

Hi,

This is a second version for the patch series entitled:

	"support for anonymous non-base chains in nftables" [1]

Changes since last patchset are:

* The kernel dynamically allocates the (internal) chain name, unless
  userspace provides a chain name.

* Remove the chain from the lists and decrement the reference counters
  before the commit path (from nft_data_release() path). This
  ensures no ongoing netlink dump over the chain list ends up walking over
  a chain object while being released.

* Add nft_chain_add() in a new patch to re-add the chain into the list
  if the preparation phase fails, given that nft_data_release() now
  zaps the chain from the list.

[1] https://marc.info/?l=netfilter-devel&m=159310902001476&w=2

Pablo Neira Ayuso (5):
  netfilter: nf_tables: add NFTA_RULE_CHAIN_ID attribute
  netfilter: nf_tables: add NFTA_VERDICT_CHAIN_ID attribute
  netfilter: nf_tables: expose enum nft_chain_flags through UAPI
  netfilter: nf_tables: add nft_chain_add()
  netfilter: nf_tables: add NFT_CHAIN_BINDING

 include/net/netfilter/nf_tables.h        |  20 ++-
 include/uapi/linux/netfilter/nf_tables.h |   9 ++
 net/netfilter/nf_tables_api.c            | 158 +++++++++++++++++++----
 net/netfilter/nft_immediate.c            |  51 ++++++++
 4 files changed, 204 insertions(+), 34 deletions(-)

-- 
2.20.1


Thread overview: 7+ messages
2020-06-29 21:03 Pablo Neira Ayuso [this message]
2020-06-29 21:03 ` [PATCH nf-next 1/5] netfilter: nf_tables: add NFTA_RULE_CHAIN_ID attribute Pablo Neira Ayuso
2020-06-30 10:24   ` kernel test robot
2020-06-29 21:03 ` [PATCH nf-next 2/5] netfilter: nf_tables: add NFTA_VERDICT_CHAIN_ID attribute Pablo Neira Ayuso
2020-06-29 21:03 ` [PATCH nf-next 3/5] netfilter: nf_tables: expose enum nft_chain_flags through UAPI Pablo Neira Ayuso
2020-06-29 21:03 ` [PATCH nf-next 4/5] netfilter: nf_tables: add nft_chain_add() Pablo Neira Ayuso
2020-06-29 21:03 ` [PATCH nf-next 5/5] netfilter: nf_tables: add NFT_CHAIN_BINDING Pablo Neira Ayuso
