Hi, This is a first batch of nf_tables set updates: 1) Use nft_set_ext already accesible as parameter via .flush(), no need for pipapo_deactivate() call. 2) Turn .flush into void, this never fails. 3) Add and use struct nft_elem_priv placeholder, suggested by Florian. 4) Shrink memory usage for set elements in transactions, as well as stack usage. 5) Use struct nft_elem_priv in .insert, in preparation for set timeout updates, this will come in a later patch. This batch has survived hours of 30s-stress runs and tests/shell, I am still stress testing the set element updates, that will come in a follow up batch. Thanks Pablo Neira Ayuso (5): netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush netfilter: nf_tables: set backend .flush always succeeds netfilter: nf_tables: expose opaque set element as struct nft_elem_priv netfilter: nf_tables: shrink memory consumption of set elements netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST include/net/netfilter/nf_tables.h | 60 +++++---- net/netfilter/nf_tables_api.c | 217 ++++++++++++++---------------- net/netfilter/nft_dynset.c | 23 ++-- net/netfilter/nft_set_bitmap.c | 53 ++++---- net/netfilter/nft_set_hash.c | 109 +++++++-------- net/netfilter/nft_set_pipapo.c | 73 +++++----- net/netfilter/nft_set_pipapo.h | 4 +- net/netfilter/nft_set_rbtree.c | 71 +++++----- 8 files changed, 305 insertions(+), 305 deletions(-) -- 2.30.2
