Re: [PATCH 0/5] RFC: Add new ip/net,port,ip/net,port sets

Hi Oliver,

On Sun, 16 Dec 2018, Oliver Smith wrote:

> The proceeding patch-set adds three new sets for usage:
> 
> * ip,port,ip,port
> * ip,port,net,port
> * net,port,net,port
> 
> I would like to solicit some feedback as I am fairly certain that there 
> are bugs or possibly backwards-incompatibility in the implementation as 
> it stands.

Before discussing the implementation, I'd like to know the use case in 
which the four dimensional sets are useful. The client port numbers are 
randomly chosen. So what does it give us if we store and look up that info 
as well?

Best regards,
Jozsef
 
> Most notably, I ran into loss of elements when resizing and had to
> significantly rework how the insertion is done. For a good example of
> this, see the IPv6 uadt function for ip,port,net,port. I suspect there
> is an underlying issue that should be resolved and that the current
> behaviour is essentially a sub-optimal workaround.
> 
> I also have patches that apply to the mainline kernel which are
> identical to the code that is part of the main ipset package.
> 
> Cheers,
> Oliver.
> 
> Oliver Smith (5):
>   ipset: Support sets with 4 individual elements and an extra port
>   ipset: Implement ip,port,ip,port hash set.
>   ipset: Implement ip,port,net,port hash set.
>   ipset: Implement net,port,net,port hash set.
>   lib/ipset.c: Fix a compilation failure when using --enable-debug
> 
>  include/libipset/data.h                       |   6 +
>  include/libipset/linux_ip_set.h               |   5 +
>  include/libipset/types.h                      |   2 +-
>  kernel/include/linux/netfilter/ipset/ip_set.h |   4 +-
>  .../uapi/linux/netfilter/ipset/ip_set.h       |   5 +
>  kernel/net/netfilter/ipset/Kbuild             |   2 +
>  kernel/net/netfilter/ipset/Kconfig            |  31 +-
>  .../ipset/ip_set_hash_ipportipport.c          | 436 ++++++++++++
>  .../ipset/ip_set_hash_ipportnetport.c         | 612 ++++++++++++++++
>  .../ipset/ip_set_hash_netportnetport.c        | 662 ++++++++++++++++++
>  lib/Makefile.am                               |   3 +
>  lib/data.c                                    |  14 +
>  lib/debug.c                                   |   2 +
>  lib/ipset.c                                   |   1 +
>  lib/ipset_hash_ipportipport.c                 | 144 ++++
>  lib/ipset_hash_ipportnetport.c                | 152 ++++
>  lib/ipset_hash_netportnetport.c               | 149 ++++
>  lib/parse.c                                   |  40 +-
>  lib/print.c                                   |  28 +-
>  lib/session.c                                 |   8 +
>  tests/hash:ip,port,ip,port.t                  | 159 +++++
>  tests/hash:ip,port,ip,port.t.list0            |  11 +
>  tests/hash:ip,port,ip,port.t.list1            |   7 +
>  tests/hash:ip,port,net,port.t                 | 183 +++++
>  tests/hash:ip,port,net,port.t.list0           |  11 +
>  tests/hash:ip6,port,ip6,port.t                | 115 +++
>  tests/hash:ip6,port,ip6,port.t.list0          |  12 +
>  tests/hash:ip6,port,ip6,port.t.list1          |   7 +
>  tests/hash:ip6,port,net6,port.t               | 143 ++++
>  tests/hash:ip6,port,net6,port.t.list0         |  11 +
>  tests/hash:net,port,net,port.t                | 191 +++++
>  tests/hash:net,port,net,port.t.list0          |  11 +
>  tests/hash:net6,port,net6,port.t              | 157 +++++
>  tests/hash:net6,port,net6,port.t.list0        |  11 +
>  tests/resizet.sh                              |  24 +
>  tests/runtest.sh                              |   3 +
>  36 files changed, 3344 insertions(+), 18 deletions(-)
>  create mode 100644 kernel/net/netfilter/ipset/ip_set_hash_ipportipport.c
>  create mode 100644 kernel/net/netfilter/ipset/ip_set_hash_ipportnetport.c
>  create mode 100644 kernel/net/netfilter/ipset/ip_set_hash_netportnetport.c
>  create mode 100644 lib/ipset_hash_ipportipport.c
>  create mode 100644 lib/ipset_hash_ipportnetport.c
>  create mode 100644 lib/ipset_hash_netportnetport.c
>  create mode 100644 tests/hash:ip,port,ip,port.t
>  create mode 100644 tests/hash:ip,port,ip,port.t.list0
>  create mode 100644 tests/hash:ip,port,ip,port.t.list1
>  create mode 100644 tests/hash:ip,port,net,port.t
>  create mode 100644 tests/hash:ip,port,net,port.t.list0
>  create mode 100644 tests/hash:ip6,port,ip6,port.t
>  create mode 100644 tests/hash:ip6,port,ip6,port.t.list0
>  create mode 100644 tests/hash:ip6,port,ip6,port.t.list1
>  create mode 100644 tests/hash:ip6,port,net6,port.t
>  create mode 100644 tests/hash:ip6,port,net6,port.t.list0
>  create mode 100644 tests/hash:net,port,net,port.t
>  create mode 100644 tests/hash:net,port,net,port.t.list0
>  create mode 100644 tests/hash:net6,port,net6,port.t
>  create mode 100644 tests/hash:net6,port,net6,port.t.list0
> 
> -- 
> 2.19.2
> 
> 

-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary


