diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-05 23:35:50 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-12-07 13:31:40 +0100 |
| commit | 8411b6442e59810fe0750a2f321b9dcb7d0a3d17 (patch) | |
| tree | 46ec4f0de82337a234b88ff58aedccd3b6486525 /net/netfilter/nft_set_hash.c | |
| parent | netfilter: nft_set: introduce nft_{hash, rbtree}_deactivate_one() (diff) | |
| download | linux-dev-8411b6442e59810fe0750a2f321b9dcb7d0a3d17.tar.xz linux-dev-8411b6442e59810fe0750a2f321b9dcb7d0a3d17.zip | |
netfilter: nf_tables: support for set flushing
This patch adds support for set flushing, that consists of walking over
the set elements if the NFTA_SET_ELEM_LIST_ELEMENTS attribute is set.
This patch requires the following changes:
1) Add set->ops->deactivate_one() operation: This allows us to
deactivate an element from the set element walk path, given we can
skip the lookup that happens in ->deactivate().
2) Add a new nft_trans_alloc_gfp() function since we need to allocate
transactions using GFP_ATOMIC given the set walk path happens with
held rcu_read_lock.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_set_hash.c')
| -rw-r--r-- | net/netfilter/nft_set_hash.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c index 73f7687c5656..1e20e2bbb6d9 100644 --- a/net/netfilter/nft_set_hash.c +++ b/net/netfilter/nft_set_hash.c @@ -397,6 +397,7 @@ static struct nft_set_ops nft_hash_ops __read_mostly = { .insert = nft_hash_insert, .activate = nft_hash_activate, .deactivate = nft_hash_deactivate, + .deactivate_one = nft_hash_deactivate_one, .remove = nft_hash_remove, .lookup = nft_hash_lookup, .update = nft_hash_update, |