Re: [PATCH v2] netfilter: ipset: refactor hash types to use address/cidr arrays.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 04 September 2013 19:20:35 Jozsef Kadlecsik wrote:

<snip>

> > > 
> > > -mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length)
> > > +mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n)
> > 
> > Ok, I see what you were envisioning now - I'm not entirely sure if the
> > benefit of not having to modify the existing hash structs outweighs the
> > cost of having to insert special cases in the generic header -
> > especially now considering each hash only consists of a single struct
> > for each address family.
> 
> I committed and pushed it to the ipset git tree. The special cases are
> going to be enabled by #ifdef conditions, so the common case is kept as
> simple as possible.

Alright, I took a look at the changes - I'll wait for the extension cleanup 
then send out a rebased version of hash:net,net since that's presumably going 
to be the difference between having to declare struct combinations for the 
various extensions versus not having to do it. I'm very intrigued to see what 
you can come up with that's shorter than my rework :P

On a related note - I was thinking about the impact of recursively walking the 
CIDRs and it did occur to me that this operation is very parallelisable - 
however, I found that when I ran ipset -T on the set, the in-kernel code is 
running in an interrupt context (somehow, I couldn't see what made it like 
that), which means it's not possible to spin up kthreads (unless there's 
something that I don't know about) - when testing of an ipset is called via 
xt_set, is that also running in an interrupt context? if not, it could be 
parallelised quite nicely, which I anticipate would give some gains on 
multicore systems, and especially for IPv6, one would think.

Kind Regards,
Oliver.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux