Hi Stefano, This patchset extends the netlink API to allow to express an interval with one single element. This simplifies this interface since userspace does not need to send two independent elements anymore, one of the including the NFT_SET_ELEM_INTERVAL_END flag. The idea is to use the _DESC to specify that userspace speaks the kernel that new API representation. In your case, the new description attribute that tells that this set contains interval + concatenation implicitly tells the kernel that userspace supports for this new API. If you're fine with this, I can scratch a bit of time to finish the libnftnl part. The nft code will need a small update too. You will not need to use the nft_set_pipapo object as scratchpad area anymore. Compile-tested only. Let me know, thanks. Pablo Neira Ayuso (2): netfilter: nf_tables: add nft_setelem_parse_key() netfilter: nf_tables: add NFTA_SET_ELEM_KEY_END attribute include/net/netfilter/nf_tables.h | 14 +++- include/uapi/linux/netfilter/nf_tables.h | 2 + net/netfilter/nf_tables_api.c | 134 +++++++++++++++++++++---------- net/netfilter/nft_dynset.c | 2 +- 4 files changed, 106 insertions(+), 46 deletions(-) -- 2.11.0
