[PATCH nf-next 0/9] nft_set_pipapo: remove cannot-fail allocations on commit and abort

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



pipapo keeps one active set data (used from datapath) and one shadow
copy, in priv->clone, used from transactional path to update the set.

On abort and commit, the clone/shadow becomes the active set,
and a new clone is made for the next transaction.

The problem with this is that we cannot fail in ->commit.

This patchset rearranges priv->clone allocation so the cloning occurs on
the first insertion/removal.

set flush needs a bit of extra work, this is done by adding a iter_type
hint to the walker callbacks so that a set flush will be able to perform
the needed clone.

The dirty flag is no longer meaningful after these changes, so last
patch removes it again.

After this patch it is possible to elide calls to nft_setelem_remove
from the abort path IFF the set backend implements an abort() function,
but this change isn't included here.

Florian Westphal (9):
  netfilter: nft_set_pipapo: move prove_locking helper around
  netfilter: nft_set_pipapo: make pipapo_clone helper return NULL
  netfilter: nft_set_pipapo: prepare destroy function for on-demand clone
  netfilter: nft_set_pipapo: prepare walk function for on-demand clone
  netfilter: nf_tables: pass new nft_iter_type hint to walker
  netfilter: nft_set_pipapo: merge deactivate helper into caller
  netfilter: nft_set_pipapo: prepare pipapo_get helper for on-demand clone
  netfilter: nft_set_pipapo: move cloning of match info to
    insert/removal path
  netfilter: nft_set_pipapo: remove dirty flag

 include/net/netfilter/nf_tables.h |  12 ++
 net/netfilter/nf_tables_api.c     |   1 +
 net/netfilter/nft_set_pipapo.c    | 259 +++++++++++++++---------------
 net/netfilter/nft_set_pipapo.h    |   2 -
 4 files changed, 140 insertions(+), 134 deletions(-)

-- 
2.43.2





[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux