Hi Phil,
On Wed, Mar 21, 2018 at 12:07:53PM +0100, Phil Sutter wrote:
> Previously, creating a set of type ipv4_addr with timeout flag failed:
> nft_hash_select_ops() returned nft_hash_fast_ops despite that it doesn't
> support timeout feature. Fix this by making the given flags part of the
> selection process and return only backend ops which support all of them.
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>
> ---
> net/netfilter/nft_set_hash.c | 17 ++++++++++++++---
> 1 file changed, 14 insertions(+), 3 deletions(-)
>
> diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
> index 3f1624ee056f9..3c8b10a556f7c 100644
> --- a/net/netfilter/nft_set_hash.c
> +++ b/net/netfilter/nft_set_hash.c
> @@ -670,6 +670,11 @@ static struct nft_set_ops nft_hash_fast_ops __read_mostly = {
> .features = NFT_SET_MAP | NFT_SET_OBJECT,
> };
>
> +static bool ops_have_features(const struct nft_set_ops *ops, u32 features)
> +{
> + return (ops->features & features) == features;
> +}
> +
> static const struct nft_set_ops *
> nft_hash_select_ops(const struct nft_ctx *ctx, const struct nft_set_desc *desc,
> u32 flags)
> @@ -677,13 +682,19 @@ nft_hash_select_ops(const struct nft_ctx *ctx, const struct nft_set_desc *desc,
> if (desc->size) {
> switch (desc->klen) {
> case 4:
> - return &nft_hash_fast_ops;
> + if (ops_have_features(&nft_hash_fast_ops, flags))
> + return &nft_hash_fast_ops;
> + /* fall through */
> default:
> - return &nft_hash_ops;
> + if (ops_have_features(&nft_hash_ops, flags))
> + return &nft_hash_ops;
> }
> }
>
> - return &nft_rhash_ops;
> + if (ops_have_features(&nft_rhash_ops, flags))
> + return &nft_rhash_ops;
> +
> + return NULL;
> }
This is clashing with existing fixes in nf.git.
I think the backend selection needs a rework, this is the idea:
1) Register all set_ops in one single list (instead of the _type thing).
2) Iterate over the list of _ops, select the one that fits better.
The idea is to remove the _type, and expose all _ops to the set
backend selection. So we don't need this workarounds on the select_ops
code specifically.
I would suggest a patch on top of what we have in nf.git (but that
would go for nf-next.git, I telling this because nf-next.git still
doesn't have the fixes that Florian made for this).
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
