review.tizen.org Git - platform/kernel/linux-exynos.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 5 Dec 2016 22:35:50 +0000 (23:35 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 7 Dec 2016 12:31:40 +0000 (13:31 +0100)
commit	8411b6442e59810fe0750a2f321b9dcb7d0a3d17
tree	46ec4f0de82337a234b88ff58aedccd3b6486525	tree \| snapshot
parent	37df5301a3ae903c5b1aa90cae37c6c669dfc386	commit \| diff

netfilter: nf_tables: support for set flushing

This patch adds support for set flushing, that consists of walking over
the set elements if the NFTA_SET_ELEM_LIST_ELEMENTS attribute is set.
This patch requires the following changes:

1) Add set->ops->deactivate_one() operation: This allows us to
   deactivate an element from the set element walk path, given we can
   skip the lookup that happens in ->deactivate().

2) Add a new nft_trans_alloc_gfp() function since we need to allocate
   transactions using GFP_ATOMIC given the set walk path happens with
   held rcu_read_lock.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_set_hash.c		diff \| blob \| history
net/netfilter/nft_set_rbtree.c		diff \| blob \| history