Hi.
This is round 5 of the connlabel set support set.
I'm only sending the kernel patches for now.
First 4 patches are preparation changes, patch #4 adds set support.
I added a more generic CT_IMM nested attr that expects a nft_data struct.
Its up to the kernel to (using the key) to figure out how to interpret it.
This approach is hopefully generic enough so it can be re-used for other
set options that want to use an immediate value.
Florian Westphal (4):
netfilter: connlabels: move helpers to xt_connlabel
netfilter: labels: don't emit ct event if labels were not changed
netfilter: connlabels: change nf_connlabels_get bit arg to 'highest used'
netfilter: nftables: add connlabel set support
include/net/netfilter/nf_conntrack_labels.h | 5 -
include/uapi/linux/netfilter/nf_tables.h | 2
net/netfilter/nf_conntrack_labels.c | 44 +++++----------
net/netfilter/nft_ct.c | 78 ++++++++++++++++++++++++++--
net/netfilter/xt_connlabel.c | 14 ++++-
net/openvswitch/conntrack.c | 2
6 files changed, 108 insertions(+), 37 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
