[PATCH nf-next 0/3] support for stateful expressions in set definition

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

This patchset allows user to specify a stateful expression in the set
definition, eg.

 table ip x {
        set y {
                typeof ip saddr
                counter
                elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 }
        }

        chain z {
                type filter hook output priority filter; policy accept;
                ip daddr @y
        }
 }

The example above turns on counters for each element in the set 'y'.

Pablo Neira Ayuso (3):
  netfilter: nf_tables: move nft_expr_clone() to nf_tables_api.c
  netfilter: nf_tables: pass context to nft_set_destroy()
  netfilter: nf_tables: allow to specify stateful expression in set definition

 include/net/netfilter/nf_tables.h        |  3 ++
 include/uapi/linux/netfilter/nf_tables.h |  2 +
 net/netfilter/nf_tables_api.c            | 88 ++++++++++++++++++++++++++------
 net/netfilter/nft_dynset.c               | 17 ------
 4 files changed, 76 insertions(+), 34 deletions(-)

--
2.11.0
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux