When doing a flush on a set or mass adding/removing elements from a
set, each element needs to allocate 96 bytes to hold the transactional
state.
In such cases, virtually all the information in struct nft_trans_elem
is the same.
Change nft_trans_elem to a flex-array, i.e. a single nft_trans_elem
can hold multiple set element pointers.
The number of elements that can be stored in one nft_trans_elem is limited
by the slab allocator, this series limits the compaction to at most 62
elements as it caps the reallocation to 2048 bytes of memory.
Florian Westphal (5):
netfilter: nf_tables: prefer nft_trans_elem_alloc helper
netfilter: nf_tables: add nft_trans_commit_list_add_elem helper
netfilter: nf_tables: prepare for multiple elements in nft_trans_elem
structure
netfilter: nf_tables: switch trans_elem to real flex array
netfilter: nf_tables: allocate element update information dynamically
include/net/netfilter/nf_tables.h | 25 +--
net/netfilter/nf_tables_api.c | 348 +++++++++++++++++++++++-------
2 files changed, 283 insertions(+), 90 deletions(-)
--
2.44.2
