This patch series makes nf_tables transactions per namespace.

All nf_tables rules are already namespacified, but transactions are still
guarded by the nfnetlink subsys mutex instead of a per namespace one.

This adds a dedicated mutex instead.

As nfnetlink subsys mutex also guards against removal, add a module owner
pointer to the subsys and grab a module reference before dropping the
subsys mutex.

Florian Westphal (5):
  netfilter: nf_tables: add and use helper for module autoload
  netfilter: nf_tables: make valid_genid callback mandatory
  netfilter: nf_tables: take module reference when starting a batch
  netfilter: nf_tables: avoid global info storage
  netfilter: nf_tables: use dedicated mutex to guard transactions

 include/linux/netfilter/nfnetlink.h |    1
 include/net/netns/nftables.h        |    1
 net/netfilter/nf_tables_api.c       |  194 ++++++++++++++++++++++++------------
 net/netfilter/nfnetlink.c           |   23 ++--
 net/netfilter/nft_chain_filter.c    |    4
 net/netfilter/nft_dynset.c          |    2
 6 files changed, 152 insertions(+), 73 deletions(-)