diff options
| author | Pablo Neira Ayuso | 2014-05-23 12:39:26 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2014-06-02 10:54:35 +0200 |
| commit | 4fefee570d8e35d950e6b7294618e2035e669308 (patch) | |
| tree | 6fb7445e5ec3f6caf139515c4d2f48ca56078c88 /net/netfilter/xt_cpu.c | |
| parent | netfilter: nft_rbtree: introduce locking (diff) | |
| download | kernel-qcow2-linux-4fefee570d8e35d950e6b7294618e2035e669308.tar.gz kernel-qcow2-linux-4fefee570d8e35d950e6b7294618e2035e669308.tar.xz kernel-qcow2-linux-4fefee570d8e35d950e6b7294618e2035e669308.zip | |
netfilter: nf_tables: allow to delete several objects from a batch
Three changes to allow the deletion of several objects with dependencies
in one transaction, they are:
1) Introduce speculative counter increment/decrement that is undone in
the abort path if required, thus we avoid hitting -EBUSY when deleting
the chain. The counter updates are reverted in the abort path.
2) Increment/decrement table/chain use counter for each set/rule. We need
this to fully rely on the use counters instead of the list content,
eg. !list_empty(&chain->rules) which evaluate true in the middle of the
transaction.
3) Decrement table use counter when an anonymous set is bound to the
rule in the commit path. This avoids hitting -EBUSY when deleting
the table that contains anonymous sets. The anonymous sets are released
in the nf_tables_rule_destroy path. This should not be a problem since
the rule already bumped the use counter of the chain, so the bound
anonymous set reflects dependencies through the rule object, which
already increases the chain use counter.
So the general assumption after this patch is that the use counters are
bumped by direct object dependencies.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/xt_cpu.c')
0 files changed, 0 insertions, 0 deletions