On Fri, 30 Dec 2022, Jozsef Kadlecsik wrote: > Please pull the next patches into your nf tree. > > - The first patch fixes a hang when 0/0 subnets is added to a > hash:net,port,net type of set. Except hash:net,port,net and > hash:net,iface, the set types don't support 0/0 and the auxiliary > functions rely on this fact. So 0/0 needs a special handling in > hash:net,port,net which was missing (hash:net,iface was not affected > by this bug). > - When adding/deleting large number of elements in one step in ipset, > it can take a reasonable amount of time and can result in soft lockup > errors. This patch is a complete rework of the previous version in order > to use a smaller internal batch limit and at the same time removing > the external hard limit to add arbitrary number of elements in one step. > > Please note, while the second patch removes half of the first patch, the > remaining part of the first patch is still important. In the versions I sent the first patch was collapsed with the part for hash:net,port,net from the second patch. So now for proper functionality it depends on the second one. If it is not OK, just let me know! Best regards, Jozsef > The following changes since commit 123b99619cca94bdca0bf7bde9abe28f0a0dfe06: > > netfilter: nf_tables: honor set timeout and garbage collection updates (2022-12-22 10:36:37 +0100) > > are available in the Git repository at: > > git://blackhole.kfki.hu/nf 82f6ab0989c5aa14e > > for you to fetch changes up to 82f6ab0989c5aa14e89f2689f47f89589733f2b2: > > netfilter: ipset: Rework long task execution when adding/deleting entries (2022-12-30 13:11:23 +0100) > > ---------------------------------------------------------------- > Jozsef Kadlecsik (2): > netfilter: ipset: fix hash:net,port,net hang with /0 subnet > netfilter: ipset: Rework long task execution when adding/deleting entries > > include/linux/netfilter/ipset/ip_set.h | 2 +- > net/netfilter/ipset/ip_set_core.c | 7 ++--- > net/netfilter/ipset/ip_set_hash_ip.c | 14 +++++----- > net/netfilter/ipset/ip_set_hash_ipmark.c | 13 ++++----- > net/netfilter/ipset/ip_set_hash_ipport.c | 13 ++++----- > net/netfilter/ipset/ip_set_hash_ipportip.c | 13 ++++----- > net/netfilter/ipset/ip_set_hash_ipportnet.c | 13 +++++---- > net/netfilter/ipset/ip_set_hash_net.c | 17 +++++------- > net/netfilter/ipset/ip_set_hash_netiface.c | 15 +++++------ > net/netfilter/ipset/ip_set_hash_netnet.c | 23 +++++----------- > net/netfilter/ipset/ip_set_hash_netport.c | 19 +++++-------- > net/netfilter/ipset/ip_set_hash_netportnet.c | 40 +++++++++++++++------------- > 12 files changed, 89 insertions(+), 100 deletions(-) > - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
