[PATCH nf-next 0/5] support for several expression in set elements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

This patchset extends nftables to support for several expressions
per set element.

So far, users can only specify either a counter or a ratelimit
per set element, this patchset allows for combining both.

This patchset adds an artificial cap for up to 2 expressions for set
elements which can be easily augmented later on by simply updating the
NFT_SET_EXPR_MAX definition.

Comments welcome, thanks.

Pablo Neira Ayuso (5):
  netfilter: nftables: generalize set expressions support
  netfilter: nftables: move nft_expr before nft_set
  netfilter: nftables: generalize set extension to support for several
    expressions
  netfilter: nftables: add nft_expr_parse() helper function
  netfilter: nftables: netlink support for several set element
    expressions

 include/net/netfilter/nf_tables.h        | 105 +++---
 include/uapi/linux/netfilter/nf_tables.h |   3 +
 net/netfilter/nf_tables_api.c            | 395 +++++++++++++++++------
 net/netfilter/nft_dynset.c               | 141 ++++++--
 net/netfilter/nft_set_hash.c             |  27 +-
 5 files changed, 511 insertions(+), 160 deletions(-)

-- 
2.20.1
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux