Changes since v1:
 - rebase on top of nf/net-next tree
 - patch "netfilter: nf_tables: pass new nft_iter_type hint to walker"
   has been removed, a similar change has been applied already

I've retained Stefano's RvB tags for commits that have not been changed.

Tested with nftables py/shell tests and nft_concat_range on a debug kernel.

V1 cover letter:

pipapo keeps one active set data (used from datapath) and one shadow
copy, in priv->clone, used from transactional path to update the set.

On abort and commit, the clone/shadow becomes the active set, and a new
clone is made for the next transaction.

The problem with this is that we cannot fail in ->commit.

This patchset rearranges priv->clone allocation so the cloning occurs on
the first insertion/removal.

Set flush needs a bit of extra work, this is done by adding an iter_type
hint to the walker callbacks so that a set flush will be able to perform
the needed clone.

The dirty flag is no longer meaningful after these changes, so the last
patch removes it again.

After this patch it is possible to elide calls to nft_setelem_remove
from the abort path IFF the set backend implements an abort() function,
but this change isn't included here.

Florian Westphal (8):
  netfilter: nft_set_pipapo: move prove_locking helper around
  netfilter: nft_set_pipapo: make pipapo_clone helper return NULL
  netfilter: nft_set_pipapo: prepare destroy function for on-demand clone
  netfilter: nft_set_pipapo: prepare walk function for on-demand clone
  netfilter: nft_set_pipapo: merge deactivate helper into caller
  netfilter: nft_set_pipapo: prepare pipapo_get helper for on-demand clone
  netfilter: nft_set_pipapo: move cloning of match info to insert/removal path
  netfilter: nft_set_pipapo: remove dirty flag

 net/netfilter/nft_set_pipapo.c | 261 ++++++++++++++++-----------------
 net/netfilter/nft_set_pipapo.h |   2 -
 2 files changed, 126 insertions(+), 137 deletions(-)

-- 
2.43.2
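
An added illustration, not code from this patchset or from the kernel: a toy user-space model of the scheme the cover letter describes, where the shadow copy is allocated on the first insertion so that an allocation failure is reported from the update path and commit is reduced to a pointer swap. All names (toy_set, maybe_clone, fail_alloc) are hypothetical, and locking and deferred freeing of the old data are left out.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
/* Toy model, not kernel code: match data is a small array of ints. */
#define CAP 8
struct match { int n; int elem[CAP]; };
struct toy_set {
    struct match *active; /* read by the "datapath" */
    struct match *clone;  /* shadow copy, NULL until the first update */
};
static int fail_alloc;    /* constructed fault-injection switch */

/* Clone on first insertion/removal: the only step that allocates. */
static struct match *maybe_clone(struct toy_set *s)
{
    if (!s->clone && !fail_alloc) {
        s->clone = malloc(sizeof(*s->clone));
        if (s->clone)
            memcpy(s->clone, s->active, sizeof(*s->clone));
    }
    return s->clone;
}

int toy_insert(struct toy_set *s, int v)
{
    struct match *c = maybe_clone(s);
    if (!c)
        return -ENOMEM; /* failure is reported to the transaction */
    if (c->n == CAP)
        return -ENOSPC;
    c->elem[c->n++] = v;
    return 0;
}

/* Commit only swaps pointers: no allocation, so it cannot fail. */
void toy_commit(struct toy_set *s)
{
    if (!s->clone)
        return; /* nothing changed in this transaction */
    free(s->active);
    s->active = s->clone;
    s->clone = NULL;
}

/* Abort drops the shadow copy; the active data was never modified. */
void toy_abort(struct toy_set *s)
{
    free(s->clone);
    s->clone = NULL;
}
```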