Re: [PATCH nft 2/2] debug: include kernel set information on cache fill

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Florian,

On Thu, Nov 21, 2024 at 06:19:57PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > AFAICS we only need to update < 10 dump files,
> > > so churn is not too bad.
> > >
> > > Alternative is to always store postprocessed
> > > dumps and then always run sed before diff, but I think
> > > its better to do the extra mile.
> > 
> > rbtree going leaks a raw count of independent interval values which is
> > going to be awkward to the user.
> 
> Sure, wasn't that the reason why you iniitially wanted to restrict this to
> --netlink=debug?  What made you change your mind?

With large garbage collection cycle, this counter provides a hint to
the user to understand that slots are still being consumed by expired
elements.

> Maybe apply the simpler, existing v1 patches only, i.e. no exposure?

My concern is that this is exposing this implementation detail of the
rbtree, forever. Can we agree to do heuristics to hide this detail:

Assuming initial 0.0.0.0 dummy element is in place (this can be
subtracted), then, division by two gives us the number of ranges.

> I can just send a v2 with the new attribute names and no getter for
> libnftnl.

Thanks.




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux