pipapo keeps one active set data (used from datapath) and one shadow
copy, in priv->clone, used from transactional path to update the set.
On abort and commit, the clone/shadow becomes the active set,
and a new clone is made for the next transaction.
The problem with this is that we cannot fail in ->commit.
This patchset rearranges priv->clone allocation so the cloning occurs on
the first insertion/removal.
set flush needs a bit of extra work, this is done by adding a iter_type
hint to the walker callbacks so that a set flush will be able to perform
the needed clone.
The dirty flag is no longer meaningful after these changes, so last
patch removes it again.
After this patch it is possible to elide calls to nft_setelem_remove
from the abort path IFF the set backend implements an abort() function,
but this change isn't included here.
Florian Westphal (9):
netfilter: nft_set_pipapo: move prove_locking helper around
netfilter: nft_set_pipapo: make pipapo_clone helper return NULL
netfilter: nft_set_pipapo: prepare destroy function for on-demand clone
netfilter: nft_set_pipapo: prepare walk function for on-demand clone
netfilter: nf_tables: pass new nft_iter_type hint to walker
netfilter: nft_set_pipapo: merge deactivate helper into caller
netfilter: nft_set_pipapo: prepare pipapo_get helper for on-demand clone
netfilter: nft_set_pipapo: move cloning of match info to
insert/removal path
netfilter: nft_set_pipapo: remove dirty flag
include/net/netfilter/nf_tables.h | 12 ++
net/netfilter/nf_tables_api.c | 1 +
net/netfilter/nft_set_pipapo.c | 259 +++++++++++++++---------------
net/netfilter/nft_set_pipapo.h | 2 -
4 files changed, 140 insertions(+), 134 deletions(-)
--
2.43.2
