Hi,

I took the patch "[PATCH 1/2] netfilter: nf_tables: partially rework commit and abort operation" of Pablo and quickly did the changes on top of it.

Basically, if you need to do atomic rule manipulation, it will go in a transaction (like on a database). And it's enabled per-nfnetlink connection. Any connection should be able to do such manipulation. For that, I used the struct sock { sk_user_data } attribute... Afaik, nothing is using it on nfnetlink, so it looks safe to use it. But if it should not be used, due to some reasons, let's find another way.

It removes the rule flags as well. It always sounded weird to add such flags, and the commit flag was just semantically wrong.

Besides that, I have a question about a style issue: what naming rule is applied if the function is static and not exposed anywhere? For instance, static functions exposed as struct nfnl_callback callbacks always follow the nf_tables_ prefix. But what about other functions? I have seen some with __nf_tables, nft_ or nf_tables_ ...

It's a proposal, not a patch, since it's made on top of a previous patch proposal.

Please review,

Tomasz Bursztyka (1):
  nf_tables: Transaction API proposal

 include/net/netfilter/nf_tables.h        |   9 ++
 include/uapi/linux/netfilter/nf_tables.h |  11 +-
 net/netfilter/nf_tables_api.c            | 170 +++++++++++++++++--------------
 3 files changed, 106 insertions(+), 84 deletions(-)

-- 
1.8.1.5