On Mon, 16 Mar 2015, Sergey Popovich wrote: > Offsets and total length returned by the ip_set_elem_len() > calculated incorrectly as initial set element length (i.e. > len parameter) is used multiple times in offset calculations, > also affecting set element total length. > > Use initial set element length as start offset, do not add aligned > extension offset to the offset. Return offset as total length of > the set element. > > This reduces memory requirements on per element basic for the > hash:* type of sets. > > For example output from 'ipset -terse list test-1' on 64-bit PC, > where test-1 is generated via following script: > > #!/bin/bash > > set_name='test-1' > > ipset create "$set_name" hash:net family inet \ > timeout 10800 counters comment \ > hashsize 65536 maxelem 65536 > > declare -i o3 o4 > fmt="add $set_name 192.168.%u.%u\n" > > for ((o3 = 0; o3 < 256; o3++)); do > for ((o4 = 0; o4 < 256; o4++)); do > printf "$fmt" $o3 $o4 > done > done |ipset -exist restore > > BEFORE this patch is applied > > # ipset -terse list test-1 > Name: test-1 > Type: hash:net > Revision: 6 > Header: family inet hashsize 65536 maxelem 65536 > timeout 10800 counters comment > Size in memory: 26348440 > > and AFTER applying patch > > # ipset -terse list test-1 > Name: test-1 > Type: hash:net > Revision: 6 > Header: family inet hashsize 65536 maxelem 65536 > timeout 10800 counters comment > Size in memory: 7706392 > References: 0 > > Signed-off-by: Sergey Popovich <popovich_sergei@xxxxxxx> Good catch, you are right. Patch is applied. Best regards, Jozsef > --- > net/netfilter/ipset/ip_set_core.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c > index d259da3..fb1f2b4 100644 > --- a/net/netfilter/ipset/ip_set_core.c > +++ b/net/netfilter/ipset/ip_set_core.c > @@ -365,7 +365,7 @@ size_t > ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len) > { > enum ip_set_ext_id id; > - size_t offset = 0; > + size_t offset = len; > u32 cadt_flags = 0; > > if (tb[IPSET_ATTR_CADT_FLAGS]) > @@ -375,12 +375,12 @@ ip_set_elem_len(struct ip_set *set, struct nlattr *tb[], size_t len) > for (id = 0; id < IPSET_EXT_ID_MAX; id++) { > if (!add_extension(id, cadt_flags, tb)) > continue; > - offset += ALIGN(len + offset, ip_set_extensions[id].align); > + offset = ALIGN(offset, ip_set_extensions[id].align); > set->offset[id] = offset; > set->extensions |= ip_set_extensions[id].type; > offset += ip_set_extensions[id].len; > } > - return len + offset; > + return offset; > } > EXPORT_SYMBOL_GPL(ip_set_elem_len); > > -- > 1.7.10.4 > > -- > To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html