Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Pablo Neira Ayuso (6):
>   netfilter: nf_tables: honor EINTR in ruleset validation from commit/abort path

Do this via nf.git?

>   netfilter: nf_tables: honor validation state in preparation phase
>   netfilter: nf_tables: add infrastructure for chain validation on updates
>   netfilter: nf_tables: add new binding infrastructure
>   netfilter: nf_tables: use new binding infrastructure
>   netfilter: nf_tables: add support for validating incremental ruleset updates
>
>  include/net/netfilter/nf_tables.h | 52 +-
>  net/netfilter/nf_tables_api.c | 800 ++++++++++++++++++++++++++++--
>  net/netfilter/nft_immediate.c | 25 +-
>  3 files changed, 844 insertions(+), 33 deletions(-)

This is a lot of new code but no explanation as to why is given.

Does this fix bugs with the existing scheme?
Or is this an optimization? If so, how big is the speedup?