The following patches add so called "set extensions" to maintain optional per element data for nft sets and converts nf_tables to use them. Following patches will use these set extensions to add some features from ipset which we are currently missing, namely timeouts and comments, as well as set transactions, variable sized data for concatenations and per-flow expressions. I'll send the next batch as soon as these have been merged. Please apply, thanks! Patrick McHardy (6): rhashtable: provide len to obj_hashfn netfilter: nft_hash: restore struct nft_hash netfilter: nft_hash: indent rhashtable parameters netfilter: nft_hash: convert to use rhashtable callbacks netfilter: nf_tables: add set extensions netfilter: nf_tables: convert hash and rbtree to set extensions include/linux/rhashtable.h | 6 +- include/net/netfilter/nf_tables.h | 119 ++++++++++++++++++++++++++++++-- lib/rhashtable.c | 2 +- net/netfilter/nf_tables_api.c | 135 ++++++++++++++++++++++++++++-------- net/netfilter/nft_hash.c | 141 +++++++++++++++++++++----------------- net/netfilter/nft_rbtree.c | 64 ++++++----------- net/netlink/af_netlink.c | 2 +- 7 files changed, 326 insertions(+), 143 deletions(-) -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
