Re: [PATCH nft 1/2] parser: fix typo

On Wed, Aug 23, 2017 at 10:42:55PM +0200, Pablo M. Bermudo Garay wrote: > Separator was misspelled as "seperator" in a symbol name. Applied this one, thanks! -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More

[PATCH nf-next v2 1/3] netfilter: convert hook list to an array

From: Aaron Conole This converts the storage and layout of netfilter hook entries from a linked list to an array. After this commit, hook entries will be stored adjacent in memory. The next pointer is no longer required. The ops pointers are stored at the end of the array

Re: [PATCH nft] files: add arp filter and add in/output to nat skeleton

On Wed, Aug 23, 2017 at 05:56:12PM +0200, Florian Westphal wrote: > Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to

[PATCH nft v2] files: add arp filter and add in/output to nat skeleton

Signed-off-by: Florian Westphal --- v2: forgot to git-add arp-filter... files/nftables/Makefile.am | 3 ++- files/nftables/arp-filter | 6 ++ files/nftables/ipv4-nat| 6 -- files/nftables/ipv6-nat| 6 -- 4 files changed, 16 insertions(+), 5 deletions(-)

Re: [PATCH nft 2/2] src: limit stateful object support

Maybe the commit title is confusing, since "limit" seems the typical imperative mood instead of a noun. Pablo, should I resend the patches with a better title? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More

Re: [PATCH nf-next 1/3] netfilter: convert hook list to an array

Eric Dumazet writes: > On Wed, 2017-08-23 at 17:26 +0200, Florian Westphal wrote: >> From: Aaron Conole > > ... > >> -static struct nf_hook_entry __rcu **nf_hook_entry_head(struct net >> *net, const struct nf_hook_ops *reg) >> +static struct

[PATCH nft 1/2] parser: fix typo

Separator was misspelled as "seperator" in a symbol name. Signed-off-by: Pablo M. Bermudo Garay --- src/parser_bison.y | 74 +++--- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/src/parser_bison.y

[PATCH nft 2/2] src: limit stateful object support

This patch adds support for a new type of stateful object: limit. Creation, deletion and listing operations are supported. Signed-off-by: Pablo M. Bermudo Garay --- include/linux/netfilter/nf_tables.h | 3 +- include/rule.h | 13 +

[PATCH libnftnl] src: limit stateful object support

This patch adds support for a new type of stateful object: limit. Signed-off-by: Pablo M. Bermudo Garay --- include/libnftnl/object.h | 8 ++ include/linux/netfilter/nf_tables.h | 3 +- include/obj.h | 8 ++ src/Makefile.am

[PATCH nf-next 3/3] netfilter: nft_limit: add stateful object type

Register a new limit stateful object type into the stateful object infrastructure. Signed-off-by: Pablo M. Bermudo Garay --- include/uapi/linux/netfilter/nf_tables.h | 3 +- net/netfilter/nft_limit.c| 118 ++- 2 files changed,

[PATCH nf-next 2/3] netfilter: nft_limit: replace pkt_bytes with bytes

Just a small refactor patch in order to improve the code readability. Signed-off-by: Pablo M. Bermudo Garay --- include/uapi/linux/netfilter/nf_tables.h | 2 +- net/netfilter/nft_limit.c| 30 +++--- 2 files changed, 16 insertions(+),

Re: [nft PATCH] Keep cache in struct nft_ctx

On Tue, Aug 22, 2017 at 02:40:04PM +0200, Phil Sutter wrote: > This is preliminary work for Eric's libnftables patchset. Applied, thanks Phil. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at

Re: [PATCH nf-next 1/3] netfilter: convert hook list to an array

On Wed, 2017-08-23 at 17:26 +0200, Florian Westphal wrote: > From: Aaron Conole ... > -static struct nf_hook_entry __rcu **nf_hook_entry_head(struct net *net, > const struct nf_hook_ops *reg) > +static struct nf_hook_entries *allocate_hook_entries_size(u16 num) > +{ > +

[PATCH nft] files: add arp filter and add in/output to nat skeleton

Signed-off-by: Florian Westphal --- files/nftables/Makefile.am | 3 ++- files/nftables/ipv4-nat| 6 -- files/nftables/ipv6-nat| 6 -- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/files/nftables/Makefile.am b/files/nftables/Makefile.am index

[PATCH nf-next 2/3] netfilter: debug: check for sorted array

Make sure our grow/shrink routine places them in the correct order. Signed-off-by: Florian Westphal --- net/netfilter/core.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 6212958c9c58..8ca26729430b

[PATCH nf-next 1/3] netfilter: convert hook list to an array

From: Aaron Conole This converts the storage and layout of netfilter hook entries from a linked list to an array. After this commit, hook entries will be stored adjacent in memory. The next pointer is no longer required. The ops pointers are stored at the end of the array

[PATCH nf-next 0/3] netfilter: convert hook list to an array

This series converts netfilters linked-list to an array. This improves cache utilization as the next hook will be either in same or next cacheline. Tested: - nfqueue test program still works - ip and ebtables rule counters increment - nftables can register base chains Joint work with Aaron

Re: [PATCH] tests: json: Add test cases for json format

On 22 August 2017 at 11:30, Shyam Saini wrote: > > Should I send the version 2 of this patch with this script? > Yes, my suggestion is: * create a new testcase in nftables: tests/shell/testcases/import/yourscript_0 * put all the json files in: