Re: [nft 3/3] src: add set optimization options

[Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx>]

On 18 September 2014 20:39, Patrick McHardy <kaber@xxxxxxxxx> wrote:
> On 18. September 2014 20:18:20 MESZ, Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> wrote:
>>This patch adds options to choose set optimization mechanisms.
>>
>>Two new statements are added to the set syntax, and they can be mixed:
>>
>> nft add set filter set1 { type ipv4_addr ; size 1024 ; }
>> nft add set filter set1 { type ipv4_addr ; policy memory ; }
>> nft add set filter set1 { type ipv4_addr ; policy performance ; }
>>nft add set filter set1 { type ipv4_addr ; policy memory ; size 1024 ;
>>}
>>nft add set filter set1 { type ipv4_addr ; size 1024 ; policy memory ;
>>}
>>nft add set filter set1 { type ipv4_addr ; policy performance ; size
>>1024 ; }
>>nft add set filter set1 { type ipv4_addr ; size 1024 ; policy
>>performance ; }
>>
>>Also valid for maps:
>>
>>nft add map filter map1 { type ipv4_addr : verdict ; policy performace
>>; }
>> [...]
>>
>>
>>This is the output format, which can be imported later with `nft -f':
>>
>>table filter {
>>       set set1 {
>>               type ipv4_addr
>>               policy memory
>>               size 1024
>>       }
>>}
>
> Conceptually this looks good, I'll have a look at the implementation after dinner.
>
> What my patch did was only handle the case where limits can be determined automatically, IOW literal sets. Both is needed.
>

Do you mean to give the size parameter a value when we know the set
has a concrete number of elements?
For example:
add rule tcp dport {1 , 2 , 3} counter --> then add a set with fixed size 3.

I realize now the patch includes some newlines included by mistake. So
a v2 is likely to be needed.
-- 
Arturo Borrero González
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html