Hi,
The following patchset contains v3 updates for the datapath ruleset
representation and new infrastructure to skip redundant selector store
to register operations [1].
Changes only to patch 7 and 12.
- Patch 7: Add more memory checks to the routine that builds the blob,
as requested by Florian.
- Patch 12: Update nft_bitwise reduce routine to deal with different
source and destination registers.
[1] https://marc.info/?l=netfilter-devel&m=164168070413344&w=2
Pablo Neira Ayuso (14):
netfilter: nft_connlimit: move stateful fields out of expression data
netfilter: nft_last: move stateful fields out of expression data
netfilter: nft_quota: move stateful fields out of expression data
netfilter: nft_numgen: move stateful fields out of expression data
netfilter: nft_limit: rename stateful structure
netfilter: nft_limit: move stateful fields out of expression data
netfilter: nf_tables: add rule blob layout
netfilter: nf_tables: add NFT_REG32_NUM
netfilter: nf_tables: add register tracking infrastructure
netfilter: nft_payload: track register operations
netfilter: nft_meta: track register operations
netfilter: nft_bitwise: track register operations
netfilter: nft_payload: cancel register tracking after payload update
netfilter: nft_meta: cancel register tracking after meta update
include/net/netfilter/nf_tables.h | 40 +++++-
net/bridge/netfilter/nft_meta_bridge.c | 20 +++
net/netfilter/nf_tables_api.c | 160 ++++++++++++++++-------
net/netfilter/nf_tables_core.c | 41 ++++--
net/netfilter/nf_tables_trace.c | 2 +-
net/netfilter/nft_bitwise.c | 95 ++++++++++++++
net/netfilter/nft_connlimit.c | 26 ++--
net/netfilter/nft_last.c | 69 +++++++---
net/netfilter/nft_limit.c | 172 +++++++++++++++++--------
net/netfilter/nft_meta.c | 48 +++++++
net/netfilter/nft_numgen.c | 34 ++++-
net/netfilter/nft_payload.c | 51 ++++++++
net/netfilter/nft_quota.c | 52 +++++++-
13 files changed, 654 insertions(+), 156 deletions(-)
--
2.30.2
