From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 10 Oct 2013 11:26:33 +0000 (+0200)
Subject: netfilter: nf_tables: add support for dormant tables
X-Git-Tag: v3.13-rc1~105^2~186^2~6
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9ddf63235749a9efa1fad2eeb74be2ee9b580f8d;p=pandora-kernel.git

netfilter: nf_tables: add support for dormant tables

This patch allows you to temporarily disable an entire table.
You can change the state of a dormant table via NFT_MSG_NEWTABLE
messages. Using this operation you can wake up a table, so their
chains are registered.

This provides atomicity at chain level. Thus, the rule-set of one
chain is applied at once, avoiding any possible intermediate state
in every chain. Still, the chains that belongs to a table are
registered consecutively. This also allows you to have inactive
tables in the kernel.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

Reading git-diff-tree failed