netfilter: nf_tables: add support for dormant tables - openslx/kernel-qcow2-linux.git

diff options

author	Pablo Neira Ayuso	2013-10-10 13:26:33 +0200
committer	Pablo Neira Ayuso	2013-10-14 18:00:57 +0200
commit	9ddf63235749a9efa1fad2eeb74be2ee9b580f8d (patch)
tree	2606a4fffe7739aa342682f48bd9817bafeeb4ce /net/xfrm
parent	netfilter: nf_tables: nft_payload: fix transport header base (diff)
download	kernel-qcow2-linux-9ddf63235749a9efa1fad2eeb74be2ee9b580f8d.tar.gz kernel-qcow2-linux-9ddf63235749a9efa1fad2eeb74be2ee9b580f8d.tar.xz kernel-qcow2-linux-9ddf63235749a9efa1fad2eeb74be2ee9b580f8d.zip

netfilter: nf_tables: add support for dormant tables

This patch allows you to temporarily disable an entire table. You can change the state of a dormant table via NFT_MSG_NEWTABLE messages. Using this operation you can wake up a table, so their chains are registered. This provides atomicity at chain level. Thus, the rule-set of one chain is applied at once, avoiding any possible intermediate state in every chain. Still, the chains that belongs to a table are registered consecutively. This also allows you to have inactive tables in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/xfrm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: