leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
9dee147412
linux/net
History
Pablo Neira Ayuso 9dee147412 netfilter: nf_tables: support for recursive chain deletion 
This patch sorts out an asymmetry in deletions. Currently, table and set
deletion commands come with an implicit content flush on deletion.
However, chain deletion results in -EBUSY if there is content in this
chain, so no implicit flush happens. So you have to send a flush command
in first place to delete chains, this is inconsistent and it can be
annoying in terms of user experience.

This patch uses the new NLM_F_NONREC flag to request non-recursive chain
deletion, ie. if the chain to be removed contains rules, then this
returns EBUSY. This problem was discussed during the NFWS'17 in Faro,
Portugal. In iptables, you hit -EBUSY if you try to delete a chain that
contains rules, so you have to flush first before you can remove
anything. Since iptables-compat uses the nf_tables netlink interface, it
has to use the NLM_F_NONREC flag from userspace to retain the original
iptables semantics, ie.  bail out on removing chains that contain rules.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-09-04 17:34:55 +02:00
..
6lowpan
9p Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-15 12:00:42 -07:00
802 net: introduce __skb_put_[zero, data, u8] 2017-06-20 13:30:14 -04:00
8021q net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
appletalk networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
atm net: atm: make atmdev_ops const 2017-08-09 22:43:50 -07:00
ax25 net, ax25: convert ax25_cb.refcount from atomic_t to refcount_t 2017-07-04 22:35:19 +01:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-09 16:28:45 -07:00
bluetooth Bluetooth: kfree tmp rather than an alias to it 2017-08-11 21:19:46 +02:00
bpf
bridge net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
caif net: convert sock.sk_wmem_alloc from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
can rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
ceph libceph: make RECOVERY_DELETES feature create a new interval 2017-08-01 16:46:45 +02:00
core net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
dcb rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
dccp net: dccp: Add handling of IPV6_PKTOPTIONS to dccp_v6_do_rcv() 2017-08-31 11:43:47 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
dns_resolver
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
ethernet networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
hsr net/hsr: Check skb_put_padto() return value 2017-08-22 13:40:23 -07:00
ieee802154 net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
ife
ipv4 net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
ipv6 net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
ipx net, ipx: convert ipx_route.refcnt from atomic_t to refcount_t 2017-07-04 22:35:17 +01:00
iucv iucv: Convert sk_wmem_alloc accesses to refcount_t. 2017-07-03 02:31:22 -07:00
kcm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-15 20:23:23 -07:00
l2tp l2tp: hold tunnel used while creating sessions with netlink 2017-08-28 11:34:58 -07:00
l3mdev
lapb net, lapb: convert lapb_cb.refcnt from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
llc net, llc: convert llc_sap.refcnt from atomic_t to refcount_t 2017-07-04 22:35:15 +01:00
mac80211 mac80211: add api to start ba session timer expired flow 2017-08-09 09:49:42 +03:00
mac802154
mpls rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
ncsi net/ncsi: Configure VLAN tag filter 2017-08-28 16:49:49 -07:00
netfilter netfilter: nf_tables: support for recursive chain deletion 2017-09-04 17:34:55 +02:00
netlabel
netlink net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
netrom net, netrom: convert nr_node.refcount from atomic_t to refcount_t 2017-07-04 22:35:17 +01:00
nfc NFC: Add sockaddr length checks before accessing sa_family in bind handlers 2017-06-23 00:38:31 +02:00
nsh nsh: add GSO support 2017-08-29 15:16:52 -07:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
phonet rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
psample networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
qrtr rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
rds RDS: make rhashtable_params const 2017-08-28 11:30:02 -07:00
rfkill
rose
rxrpc rxrpc: Allow failed client calls to be retried 2017-08-29 10:55:20 +01:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
smc net/smc: synchronize buffer usage with device 2017-07-29 11:22:58 -07:00
strparser strparser: initialize all callbacks 2017-08-24 21:57:50 -07:00
sunrpc Two nfsd bugfixes, neither 4.13 regressions, but both potentially 2017-08-25 17:27:26 -07:00
switchdev net: switchdev: Remove bridge bypass support from switchdev 2017-08-07 14:48:48 -07:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
tls TLS: Fix length check in do_tls_getsockopt_tx() 2017-07-06 10:58:19 +01:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-21 17:06:42 -07:00
vmw_vsock hv_sock: implements Hyper-V transport for Virtual Sockets (AF_VSOCK) 2017-08-28 15:38:18 -07:00
wimax
wireless netlink validation fixes for nl80211 2017-07-07 11:35:55 +01:00
x25 X25: constify null_x25_address 2017-08-03 09:13:51 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
compat.c get_compat_bpf_fprog(): don't copyin field-by-field 2017-07-04 13:14:34 -04:00
Kconfig net: Remove CONFIG_NETFILTER_DEBUG and _ASSERT() macros. 2017-09-04 13:25:20 +02:00
Makefile nsh: add GSO support 2017-08-29 15:16:52 -07:00
socket.c net: fixes for skb_send_sock 2017-08-16 11:27:52 -07:00
sysctl_net.c