Re: [PATCH v2] netfilter: ipset: refactor hash types to use address/cidr arrays.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 4 Sep 2013, Oliver wrote:

> On Wednesday 04 September 2013 00:06:01 Jozsef Kadlecsik wrote:
> > On Tue, 3 Sep 2013, Jozsef Kadlecsik wrote:
> > > On Tue, 3 Sep 2013, Oliver wrote:
> > [...]
> > 
> > > > -mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length)
> > > > +mtype_add_cidr(struct htype *h, const u8 cidr[], u8 nets_length)
> > > 
> > > I do remember you asked it and I confused you: no, the hash types need not
> > > be changed for this (see below), mtype_add_cidr requires just a new arg as
> > > to which member of the cidr/net array of struct htype to be updated.
> > 
> > I was thinking about something like this (untested, unchecked):
> 
> <snip>
> 
> > @@ -296,46 +300,46 @@ struct htype {
> >  /* Network cidr size book keeping when the hash stores different
> >   * sized networks */
> >  static void
> > -mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length)
> > +mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n)
> 
> Ok, I see what you were envisioning now - I'm not entirely sure if the 
> benefit of not having to modify the existing hash structs outweighs the 
> cost of having to insert special cases in the generic header - 
> especially now considering each hash only consists of a single struct 
> for each address family.

I committed and pushed it to the ipset git tree. The special cases are 
going to be enabled by #ifdef conditions, so the common case is kept as 
simple as possible.
 
> Essentially, this is going to be something of a tradeoff; if it's left 
> like it is now, all the existing single calls to 
> mtype_add_cidr/mtype_del_cidr don't require any modification since the 
> loop inside them handles CIDR for N number of nets simply by virtue of 
> whatever you #define IPSET_NET_COUNT to be.
>
> On the other hand, if we want to avoid changing the existing *net* hashes to 
> conform to the array style, it'll require special cases that execute multiple 
> calls to mtype_add_cidr and mtype_del_cidr - the blow could be softened by 
> sticking a loop around it, but that's effectively going to be a small chunk of 
> code duplication in order to get there. Part of the confusion I would say was 
> that I figured you wanted to deduplicate the code as much as possible, so with 
> that I went all-out and refactored the entire lot of existing types 
> accordingly.
> 
> So, the way I see it... go with what we have right now, less code duplication, 
> smaller code in general or have special cases for IPSET_NET_COUNT > 1.
> 
> Let me know what you think, I'm not massively concerned either way, but my 
> vote would be for how it is now (quelle surprise?)
> 
> Thanks,
> Oliver.
> 
> P.S. I've made a bunch of corrections to the comments extension and 
> rebased it against all these general fixes and improvements, so I'll 
> give it another once- over and patch-bomb the mailing list with it 
> later.

Please wait a little bit with sending the comments extensions: I'm working 
on the extensions infratructure.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux