This patch series makes nf_tables transactions per namespace.
All nf_tables rules are already namespacified, but transactions are
still guarded by the nfnetlink subsys mutex instead of a per namespace

This adds a dedicated mutex instead.
As nfnetlink subsys mutex also guards against removal, add a module
owner pointer to the subsys and grab a module reference before dropping
the subsys mutex.

Florian Westphal (5):
      netfilter: nf_tables: add and use helper for module autoload
      netfilter: nf_tables: make valid_genid callback mandatory
      netfilter: nf_tables: take module reference when starting a batch
      netfilter: nf_tables: avoid global info storage
      netfilter: nf_tables: use dedicated mutex to guard transactions

 include/linux/netfilter/nfnetlink.h |    1 
 include/net/netns/nftables.h        |    1 
 net/netfilter/nf_tables_api.c       |  194 ++++++++++++++++++++++++------------
 net/netfilter/nfnetlink.c           |   23 ++--
 net/netfilter/nft_chain_filter.c    |    4 
 net/netfilter/nft_dynset.c          |    2 
 6 files changed, 152 insertions(+), 73 deletions(-)
