Florian Westphal <fw@xxxxxxxxx> wrote:
> Sven Auhagen <sven.auhagen@xxxxxxxxxxxx> wrote:
> > When the sets are larger I now always get an error:
> > ./main.nft:13:1-26: Error: Could not process rule: Cannot allocate memory
> > destroy table inet filter
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^
> > along with the kernel message
> > percpu: allocation failed, size=16 align=8 atomic=1, atomic alloc failed, no space left
>
> This specific pcpu allocation failure aside, I think we need to reduce
> memory waste with flush op.

Plan is:

1. Get rid of ->data[] in struct nft_trans.
   All nft_trans_xxx will add struct nft_trans as first member instead.

2. Add nft_trans_binding. Move binding_list head from nft_trans to
   nft_trans_binding. nft_trans_set and nft_trans_chain use
   nft_trans_binding as first member.
   This gets rid of struct list_head for all other types.

3. Get rid of struct nft_ctx from nft_trans.
   As far as I can see a lot of data here is redundant.
   We can likely stash only struct net, u16 flags, bool report.
   nft_chain can be moved to the appropriate sub-trans type struct.
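Added example, not part of the original message and not kernel code: a userspace model of the three plan steps, comparing the per-element transaction size before and after. All struct names and field lists (model_ctx, old_trans, new_trans and their subtypes) are constructed assumptions, not the real nf_tables definitions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins; field lists are assumptions, not kernel definitions. */
struct list_head { struct list_head *next, *prev; };
struct model_ctx {            /* models a full per-transaction context copy */
    void *net, *table, *chain, *nla;
    uint32_t portid, seq;
    uint16_t flags;
    uint8_t family, level;
    bool report;
};

/* Before: every transaction pays for binding_list and ctx; payload in data[]. */
struct old_trans {
    struct list_head list, binding_list;
    int msg_type;
    struct model_ctx ctx;
    char data[];
};
struct old_elem_payload { void *set, *elem_priv; bool bound; };

/* After: slim base (step 3) embedded as first member (step 1). */
struct new_trans { struct list_head list; void *net; int msg_type; uint16_t flags; bool report; };
/* Step 2: only set/chain transactions carry the binding list head. */
struct new_trans_binding { struct new_trans base; struct list_head binding_list; };
struct new_trans_set { struct new_trans_binding binding; void *set; };
struct new_trans_elem { struct new_trans base; void *set, *elem_priv; bool bound; };

/* The base must sit at offset 0 so a base pointer converts to the subtype. */
_Static_assert(offsetof(struct new_trans_elem, base) == 0, "base must be first");
_Static_assert(offsetof(struct new_trans_set, binding) == 0, "binding must be first");

struct new_trans_elem *trans_to_elem(struct new_trans *t)
{
    return (struct new_trans_elem *)t;   /* valid: base is the first member */
}

size_t old_elem_size(void) { return sizeof(struct old_trans) + sizeof(struct old_elem_payload); }
size_t new_elem_size(void) { return sizeof(struct new_trans_elem); }

int main(void)
{
    printf("per-element transaction: old=%zu new=%zu bytes\n",
           old_elem_size(), new_elem_size());
    return 0;
}
```

In this model the saving applies to every element transaction, which is the type that dominates when a large set is flushed.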