[PATCH 0/4] ipset patches for nf-next

Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx> · Thu, 29 Oct 2020 16:39:45 +0100

Hi Pablo,

Please consider to apply the next patches in the nf-next tree:

- Update byte and packet counters regardless of whether they match patch
  from Stefano Brivio. Finally I accepted Stefano's reasoning about updating
  the counters always.
- Add supporting the -exist flag with the destroy command too. The -exist
  flag was supported with add/del and create only but not with destroy.
  Now it is possible to write restore "scripts" which contains destroy and
  it won't abort when the set to be destroyed does not exist.
- Add the bucketsize parameter to all hash types, which makes possible to limit
  the max bucket size in the hash. Thus one can tune for faster matching with
  the price of higher memory footprint.
- Expose the initval hash parameter to userspace: after saving the set, one
  can now restore exactly the same set content and structure.

Best regards,
Jozsef

The following changes since commit 3cb12d27ff655e57e8efe3486dca2a22f4e30578:

  Merge tag 'net-5.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2020-10-23 12:05:49 -0700)

are available in the Git repository at:

  git://blackhole.kfki.hu/nf-next 17eca1ad71619af37e

for you to fetch changes up to 17eca1ad71619af37e136606fb87f7fc8a6fe8b5:

  netfilter: ipset: Expose the initval hash parameter to userspace (2020-10-29 15:50:55 +0100)

----------------------------------------------------------------
Jozsef Kadlecsik (3):
      netfilter: ipset: Support the -exist flag with the destroy command
      netfilter: ipset: Add bucketsize parameter to all hash types
      netfilter: ipset: Expose the initval hash parameter to userspace

Stefano Brivio (1):
      netfilter: ipset: Update byte and packet counters regardless of whether they match

 include/linux/netfilter/ipset/ip_set.h       |  5 ++++
 include/uapi/linux/netfilter/ipset/ip_set.h  |  6 ++--
 net/netfilter/ipset/ip_set_core.c            |  9 ++++--
 net/netfilter/ipset/ip_set_hash_gen.h        | 45 ++++++++++++++++++----------
 net/netfilter/ipset/ip_set_hash_ip.c         |  7 +++--
 net/netfilter/ipset/ip_set_hash_ipmac.c      |  6 ++--
 net/netfilter/ipset/ip_set_hash_ipmark.c     |  7 +++--
 net/netfilter/ipset/ip_set_hash_ipport.c     |  7 +++--
 net/netfilter/ipset/ip_set_hash_ipportip.c   |  7 +++--
 net/netfilter/ipset/ip_set_hash_ipportnet.c  |  7 +++--
 net/netfilter/ipset/ip_set_hash_mac.c        |  6 ++--
 net/netfilter/ipset/ip_set_hash_net.c        |  7 +++--
 net/netfilter/ipset/ip_set_hash_netiface.c   |  7 +++--
 net/netfilter/ipset/ip_set_hash_netnet.c     |  7 +++--
 net/netfilter/ipset/ip_set_hash_netport.c    |  7 +++--
 net/netfilter/ipset/ip_set_hash_netportnet.c |  7 +++--
 16 files changed, 103 insertions(+), 44 deletions(-)