Re: [PATCH RFC] netfilter: nf_tables: defer all object release via rcu

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 10, 2014 at 03:01:47PM +0300, Tomasz Bursztyka wrote:
> Hi  Pablo,
> 
> 2 minor issues.
> 
> >  include/net/netfilter/nf_tables.h |    2 +
> >  net/netfilter/nf_tables_api.c     |  100 ++++++++++++++++++++++---------------
> >  2 files changed, 62 insertions(+), 40 deletions(-)
> >
> >diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
> >index b08f2a9..65656f7 100644
> >--- a/include/net/netfilter/nf_tables.h
> >+++ b/include/net/netfilter/nf_tables.h
> >@@ -391,12 +391,14 @@ struct nft_rule {
> >  /**
> >   *	struct nft_trans - nf_tables object update in transaction
> >   *
> >+ *	rcu_head: rcu head to defer release of transaction data
> 
> an '@' is missing

Right.

> >   *	@list: used internally
> >   *	@msg_type: message type
> >   *	@ctx: transaction context
> >   *	@data: internal information related to the transaction
> >   */
> >  struct nft_trans {
> >+	struct rcu_head			rcu_head;
> >  	struct list_head		list;
> >  	int				msg_type;
> >  	struct nft_ctx			ctx;
> >diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> >index 5606ae30..fd03212 100644
> >--- a/net/netfilter/nf_tables_api.c
> >+++ b/net/netfilter/nf_tables_api.c
> >@@ -2612,7 +2612,8 @@ static void nft_set_destroy(struct nft_set *set)
> >  static void nf_tables_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)
> >  {
> >  	list_del(&set->list);
> >-	nf_tables_set_notify(ctx, set, NFT_MSG_DELSET);
> >+	if (!set->flags & NFT_SET_ANONYMOUS)
> >+		nf_tables_set_notify(ctx, set, NFT_MSG_DELSET);
> 
> It's a fix for anonymous set, so it's should be on another patch.

Not a fix, we currently have anonymous set notifications which are
possible.  Please, have a look at the changelog in this patch, it
discusses the reason for this and alternative solutions.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux