On Thu, Jan 16, 2025 at 06:18:49PM +0100, Pablo Neira Ayuso wrote:
> The existing rbtree implementation uses singleton elements to represent
> ranges, however, userspace provides a set size according to the number
> of ranges in the set.
>
> Adjust provided userspace set size to the number of singleton elements
> in the kernel by multiplying the range by two.
>
> Check if the no-match all-zero element is already in the set, in such
> case release one slot in the set size.
>
> Fixes: 0ed6389c483d ("netfilter: nf_tables: rename set implementations")
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
> include/net/netfilter/nf_tables.h | 3 ++
> net/netfilter/nf_tables_api.c | 49 +++++++++++++++++++++++++++++--
> net/netfilter/nft_set_rbtree.c | 43 +++++++++++++++++++++++++++
> 3 files changed, 93 insertions(+), 2 deletions(-)
>
> diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
> index 0027beca5cd5..7dcea247f853 100644
> --- a/include/net/netfilter/nf_tables.h
> +++ b/include/net/netfilter/nf_tables.h
> @@ -495,6 +495,9 @@ struct nft_set_ops {
> const struct nft_set *set,
> const struct nft_set_elem *elem,
> unsigned int flags);
> + u32 (*ksize)(u32 size);
> + u32 (*usize)(u32 size);
> + u32 (*adjust_maxsize)(const struct nft_set *set);
> void (*commit)(struct nft_set *set);
> void (*abort)(const struct nft_set *set);
> u64 (*privsize)(const struct nlattr * const nla[],
Hi Pablo,
As a follow-up could these new fields be added to
the Kernel doc for nft_set_ops?
