netfilter: nf_tables: split set destruction in deactivate and destroy phase
[ backport for 4.14 of cd5125d8 ] Splits unbind_set into destroy_set and unbinding operation. Unbinding removes set from lists (so new transaction would not find it anymore) but keeps memory allocated (so packet path continues to work). Rebind function is added to allow unrolling in case transaction that wants to remove set is aborted. Destroy function is added to free the memory, but this could occur outside of transaction in the future. Signed-off-by:Florian Westphal <fw@strlen.de> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
Sasha Levin <sashal@kernel.org>
Showing
- include/net/netfilter/nf_tables.h 6 additions, 1 deletioninclude/net/netfilter/nf_tables.h
- net/netfilter/nf_tables_api.c 25 additions, 11 deletionsnet/netfilter/nf_tables_api.c
- net/netfilter/nft_dynset.c 20 additions, 1 deletionnet/netfilter/nft_dynset.c
- net/netfilter/nft_lookup.c 19 additions, 1 deletionnet/netfilter/nft_lookup.c
- net/netfilter/nft_objref.c 19 additions, 1 deletionnet/netfilter/nft_objref.c
Loading
Please register or sign in to comment