On Wednesday 2024-05-08 16:08, Florian Westphal wrote: >Sven Auhagen <sven.auhagen@xxxxxxxxxxxx> wrote: >> When the sets are larger I now always get an error: >> ./main.nft:13:1-26: Error: Could not process rule: Cannot allocate memory >> destroy table inet filter >> ^^^^^^^^^^^^^^^^^^^^^^^^^^ >> along with the kernel message >> percpu: allocation failed, size=16 align=8 atomic=1, atomic alloc failed, no space left > >This specific pcpu allocation failure aside, I think we need to reduce >memory waste with flush op. > >Flushing a set with 1m elements will need >100Mbyte worth of memory for >the delsetelem transactional log. Whoa. Isn't there a way to just switch out the set/ruleset and then forget the old set as a whole? (I'm thinking of something in the sense of `btrfs sub del /subvol` vs. the-slow-way `rm -Rf /subvol`)
