netfilter: nf_tables: add support for dynamic set updates
authorPatrick McHardy <kaber@trash.net>
Sun, 5 Apr 2015 12:41:08 +0000 (14:41 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 8 Apr 2015 14:58:27 +0000 (16:58 +0200)
commit22fe54d5fefcfa98c58cc2f4607dd26d9648b3f5
tree153c791a6efb2c0eb7aca4baecb84cb76199b706
parent11113e190bf0ad73086884f87efccc994ff28b3d
netfilter: nf_tables: add support for dynamic set updates

Add a new "dynset" expression for dynamic set updates.

A new set op ->update() is added which, for non existant elements,
invokes an initialization callback and inserts the new element.
For both new or existing elements the extenstion pointer is returned
to the caller to optionally perform timer updates or other actions.

Element removal is not supported so far, however that seems to be a
rather exotic need and can be added later on.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_core.h
include/uapi/linux/netfilter/nf_tables.h
net/netfilter/Makefile
net/netfilter/nf_tables_api.c
net/netfilter/nf_tables_core.c
net/netfilter/nft_dynset.c [new file with mode: 0644]
net/netfilter/nft_hash.c