Changes since v2:
- Practically complete rewrite with wildcard interface spec support

The first two patches of this series are fixes to existing code but cause
conflicts if not applied in order. They may go into nf tree as well, though
only the first one is a real bug and seems to be of low impact.

The next three patches introduce external storing of the user-supplied
interface name in nft_hook structs to decouple code from values in ->ops.dev
or ->ops value in general.

Patch 6 eliminates a quirk in netdev-family chain netdev event handler,
aligns behaviour with flowtables and paves the way for following changes.

Patches 7-10 prepare for and implement nf_hook_ops lists in nft_hook objects.
This is crucial for wildcard interface specs and convenient with dynamic
netdev hook registration upon NETDEV_REGISTER events.

Patches 11-13 leverage the new infrastructure to correctly handle
NETDEV_REGISTER and NETDEV_CHANGENAME events.

Patch 14 prepares the code for non-NUL-terminated interface names passed by
user space which resemble prefixes to match on. As a side-effect, hook
allocation code becomes tolerant to non-matching interface specs.

The final two patches implement netlink notifications for netdev add/remove
events and add a kselftest.
Phil Sutter (16):
  netfilter: nf_tables: Keep deleted flowtable hooks until after RCU
  netfilter: nf_tables: Flowtable hook's pf value never varies
  netfilter: nf_tables: Store user-defined hook ifname
  netfilter: nf_tables: Use stored ifname in netdev hook dumps
  netfilter: nf_tables: Compare netdev hooks based on stored name
  netfilter: nf_tables: Tolerate chains with no remaining hooks
  netfilter: nf_tables: Introduce functions freeing nft_hook objects
  netfilter: nf_tables: Introduce nft_hook_find_ops()
  netfilter: nf_tables: Introduce nft_register_flowtable_ops()
  netfilter: nf_tables: Have a list of nf_hook_ops in nft_hook
  netfilter: nf_tables: chain: Respect NETDEV_REGISTER events
  netfilter: nf_tables: flowtable: Respect NETDEV_REGISTER events
  netfilter: nf_tables: Handle NETDEV_CHANGENAME events
  netfilter: nf_tables: Support wildcard netdev hook specs
  netfilter: nf_tables: Add notifications for hook changes
  selftests: netfilter: Torture nftables netdev hooks

 include/linux/netfilter.h                     |   2 +
 include/net/netfilter/nf_tables.h             |  11 +-
 include/uapi/linux/netfilter/nf_tables.h      |   5 +
 net/netfilter/nf_tables_api.c                 | 386 +++++++++++++-----
 net/netfilter/nf_tables_offload.c             |  51 ++-
 net/netfilter/nft_chain_filter.c              |  64 +--
 net/netfilter/nft_flow_offload.c              |   2 +-
 .../testing/selftests/net/netfilter/Makefile  |   1 +
 .../net/netfilter/nft_interface_stress.sh     | 149 +++++++
 9 files changed, 508 insertions(+), 163 deletions(-)
 create mode 100755 tools/testing/selftests/net/netfilter/nft_interface_stress.sh

-- 
2.43.0