On Fri, 8 May 2015, Pablo Neira Ayuso wrote:

> On Sat, May 02, 2015 at 07:27:53PM +0200, Jozsef Kadlecsik wrote:
> > Three types of data need to be protected in the case of the hash types:
> >
> > a. The hash buckets: standard rcu pointer operations are used.
> > b. The allocated elements in the hash buckets: a bitmap is used
> >    for book-keeping to tell which elements in the hash bucket are
> >    used or free.
> > c. Networks per cidr values and the cidr values themselves: the fix
> >    sized arrays need no protection. The values are modified in such
> >    an order that in the worst case an element testing is repeated
> >    again with the same cidr value.
>
> Did you consider using the rhashtable implementation under
> lib/rhashtable.c? Do you think there is any chance to accommodate that
> into ipset? If possible, it would avoid from dealing with this
> complexity.

The cidr book-keeping (c) must be kept in the rhashtable implementation
too. If the speed optimization (arrays as hash elements) is ported over,
then (b) must be preserved too. What remains is actually simpler than
rhashtable itself.

I must look into rhashtable deeper in order to check other required
features like enforced hard limit on the number of elements/hash size
(instead of memory limit).

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
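
Added example, not part of the thread and not ipset code: a user-space C11 sketch of point (b), a bucket that stores elements inline in a fixed array with a `used` bitmap published to lockless readers, plus the hard element limit mentioned in the reply. All names (`struct bucket`, `set_add`, `SLOTS`, `maxelem` as a field) are assumptions; writers are assumed to be serialized by an outside lock, and reuse of a slot while a reader is still scanning it is not addressed.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SLOTS 8                      /* assumed fixed array size per bucket */

struct bucket {
    _Atomic uint32_t used;           /* bit i set => slot[i] holds an element */
    _Atomic uint32_t slot[SLOTS];    /* elements stored inline (IPv4 here) */
};
struct set { struct bucket b; unsigned elements, maxelem; };

/* Reader: no lock. The acquire load pairs with the writer's release, so a
 * slot whose bit is seen as set has already been filled. */
bool bucket_test(struct bucket *b, uint32_t ip) {
    uint32_t used = atomic_load_explicit(&b->used, memory_order_acquire);
    for (int i = 0; i < SLOTS; i++)
        if ((used & (1u << i)) &&
            atomic_load_explicit(&b->slot[i], memory_order_relaxed) == ip)
            return true;
    return false;
}

/* Writer: 0 on success, -1 duplicate, -2 hard limit hit, -3 bucket full. */
int set_add(struct set *s, uint32_t ip) {
    if (bucket_test(&s->b, ip)) return -1;
    if (s->elements >= s->maxelem) return -2;   /* count limit, not memory */
    uint32_t used = atomic_load_explicit(&s->b.used, memory_order_relaxed);
    for (int i = 0; i < SLOTS; i++) {
        if (used & (1u << i)) continue;
        /* Fill the slot first, then publish it by setting its bit. */
        atomic_store_explicit(&s->b.slot[i], ip, memory_order_relaxed);
        atomic_fetch_or_explicit(&s->b.used, 1u << i, memory_order_release);
        s->elements++;
        return 0;
    }
    return -3;
}

/* Writer: clearing the bit is enough to hide the element from new readers. */
int set_del(struct set *s, uint32_t ip) {
    uint32_t used = atomic_load_explicit(&s->b.used, memory_order_relaxed);
    for (int i = 0; i < SLOTS; i++)
        if ((used & (1u << i)) && atomic_load(&s->b.slot[i]) == ip) {
            atomic_fetch_and_explicit(&s->b.used, ~(1u << i), memory_order_release);
            s->elements--;
            return 0;
        }
    return -1;
}

int main(void) {
    struct set s = { .maxelem = 2 };            /* constructed sample set */
    printf("add=%d dup=%d\n", set_add(&s, 0x0a000001), set_add(&s, 0x0a000001));
    return 0;
}
```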