The following patches contain a small bug fix for set selection with timeouts, as well as support for dynamic set updates. A new "dynset" expression type is added to dynamically add or update set elements. The name is not my first choice, however due to clashes with the regular set attributes simply "set" wasn't possible. Userspace exposes this in a nicer fashion. As preparation, set size accounting is changed to use an atomic_t for the number of elements to avoid races, additionally set bindings are changed to not assume every binding is related to a lookup or map operation. Please apply, thanks! Patrick McHardy (4): netfilter: nf_tables: fix set selection when timeouts are requested netfilter: nf_tables: prepare set element accounting for async updates netfilter: nf_tables: support different set binding types netfilter: nf_tables: add support for dynamic set updates include/net/netfilter/nf_tables.h | 23 +++- include/net/netfilter/nf_tables_core.h | 3 + include/uapi/linux/netfilter/nf_tables.h | 27 ++++ net/netfilter/Makefile | 2 +- net/netfilter/nf_tables_api.c | 44 ++++--- net/netfilter/nf_tables_core.c | 7 + net/netfilter/nft_dynset.c | 218 +++++++++++++++++++++++++++++++ net/netfilter/nft_hash.c | 40 +++++- net/netfilter/nft_lookup.c | 2 + 9 files changed, 345 insertions(+), 21 deletions(-) create mode 100644 net/netfilter/nft_dynset.c -- 2.1.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
