Re: [PATCH net-next] netfilter: nft_counter: rework atomic dump and reset

On Sat, 2016-12-10 at 15:25 +0100, Pablo Neira Ayuso wrote: > On Sat, Dec 10, 2016 at 03:16:55PM +0100, Pablo Neira Ayuso wrote: = > > - nft_counter_fetch(priv, , reset); > + nft_counter_fetch(priv, ); > + if (reset) > + nft_counter_reset(priv, ); > > if

Re: [PATCH net-next] netfilter: nft_counter: rework atomic dump and reset

On Sat, Dec 10, 2016 at 03:16:55PM +0100, Pablo Neira Ayuso wrote: > On Sat, Dec 10, 2016 at 03:05:41PM +0100, Pablo Neira Ayuso wrote: > [...] > > -static void nft_counter_reset(struct nft_counter_percpu __percpu *counter, > > - struct nft_counter *total) > > -{ > > -

Re: [PATCH net-next] netfilter: nft_counter: rework atomic dump and reset

On Sat, Dec 10, 2016 at 03:05:41PM +0100, Pablo Neira Ayuso wrote: [...] > -static void nft_counter_reset(struct nft_counter_percpu __percpu *counter, > - struct nft_counter *total) > -{ > - struct nft_counter_percpu *cpu_stats; > - u64 bytes, packets; > -

[PATCH net-next] netfilter: nft_counter: rework atomic dump and reset

Dump and reset doesn't work unless cmpxchg64() is used both from both packet and control plane paths. This approach is going to be slow though. Instead, use a percpu seqcount to fetch counters consistently, then subtract bytes and packets in case a reset was requested. This patch is based on

Re: [PATCH nft v3] datatype: Display pre-defined inet_service values in host byte order

On Fri, Dec 09, 2016 at 10:35:13PM -0200, Elise Lennion wrote: > nft describe displays, to the user, which values are available for a selector, > then the values should be in host byte order. > > Variable size was replaced by len to better match the common pattern. Applied, thanks Elise. BTW, I

Re: [PATCH] extensions: libxt_bpf: support ebpf pinned objects

On Thu, Dec 08, 2016 at 05:09:38PM -0500, Willem de Bruijn wrote: > From: Willem de Bruijn > > Exercise the new kernel feature introduced in commit 2c16d6033264 > ("netfilter: xt_bpf: support ebpf") to load pinned eBPF programs. > > The new interface allows instantiating a

Re: [PATCH] ARM: add cmpxchg64 helper for ARMv7-M

Hi Arnd, On Sat, Dec 10, 2016 at 11:36:34AM +0100, Arnd Bergmann wrote: > A change to the netfilter code in net-next introduced the first caller of > cmpxchg64 that can get built on ARMv7-M, leading to an error from the > assembler that points out the lack of 64-bit atomics on this architecture:

Re: [PATCH 37/50] netfilter: nf_tables: atomic dump and reset for stateful objects

On Fri, Dec 09, 2016 at 07:22:06AM -0800, Eric Dumazet wrote: > On Fri, 2016-12-09 at 06:24 -0800, Eric Dumazet wrote: > > > It looks that you want a seqcount, even on 64bit arches, > > so that CPU 2 can restart its loop, and more importantly you need > > to not accumulate the values you read,

[PATCH] ARM: add cmpxchg64 helper for ARMv7-M

A change to the netfilter code in net-next introduced the first caller of cmpxchg64 that can get built on ARMv7-M, leading to an error from the assembler that points out the lack of 64-bit atomics on this architecture: /tmp/ccMe7djj.s: Assembler messages: /tmp/ccMe7djj.s:367: Error: selected

RFC: nft.8 review

Hi, I skimmed through nft man page and noted down problems I discovered. While doing so, I got the idea to restructure the whole document for better organization and comprehensibility but wanted to hear your thoughts first before creating a ticket in netfilter BZ: * Use BNF in synopses This is