On Tue, Oct 03, 2023 at 11:04:10AM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > Hi Florian, > > > > I am collecting here your comments for the model we are defining for > > set elements: > > > > https://people.netfilter.org/pablo/setelems-timeout.txt > > LGTM. I think your proposal to snapshot current time and > remove the "moving target" is key. Agreed. > > Let me know if you have more possible scenarios that you think that > > might not be address by this model: > > > > - Annotate current time at the beginning of the transaction, use it > > in _expired() check (=> timeout is not a moving target anymore). > > - Annotate element timeout update in transaction, update timeout from > > _commit() path not to refresh it. > > Right, I think that will work. > For rbtree, sync gc is kept in place, elements are not zapped, > they get tagged as DEAD, including the end element. > > Then from commit, do full scan and remove any and all elements > that are flagged as DEAD or have expired. Sounds good. Would you follow this approach to fix the existing issue with the rbtree on-demand GC in nf.git?