Hi Simon,
On Fri, Jan 17, 2025 at 10:49:57AM +0000, Simon Horman wrote:
> On Thu, Jan 16, 2025 at 06:18:49PM +0100, Pablo Neira Ayuso wrote:
> > The existing rbtree implementation uses singleton elements to represent
> > ranges, however, userspace provides a set size according to the number
> > of ranges in the set.
> >
> > Adjust provided userspace set size to the number of singleton elements
> > in the kernel by multiplying the range by two.
> >
> > Check if the no-match all-zero element is already in the set, in such
> > case release one slot in the set size.
> >
> > Fixes: 0ed6389c483d ("netfilter: nf_tables: rename set implementations")
> > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> > ---
> > include/net/netfilter/nf_tables.h | 3 ++
> > net/netfilter/nf_tables_api.c | 49 +++++++++++++++++++++++++++++--
> > net/netfilter/nft_set_rbtree.c | 43 +++++++++++++++++++++++++++
> > 3 files changed, 93 insertions(+), 2 deletions(-)
> >
> > diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
> > index 0027beca5cd5..7dcea247f853 100644
> > --- a/include/net/netfilter/nf_tables.h
> > +++ b/include/net/netfilter/nf_tables.h
> > @@ -495,6 +495,9 @@ struct nft_set_ops {
> > const struct nft_set *set,
> > const struct nft_set_elem *elem,
> > unsigned int flags);
> > + u32 (*ksize)(u32 size);
> > + u32 (*usize)(u32 size);
> > + u32 (*adjust_maxsize)(const struct nft_set *set);
> > void (*commit)(struct nft_set *set);
> > void (*abort)(const struct nft_set *set);
> > u64 (*privsize)(const struct nlattr * const nla[],
>
> Hi Pablo,
>
> As a follow-up could these new fields be added to
> the Kernel doc for nft_set_ops?
Sure, I can do that.
I can also send a v2 for this pull request if more comments accumulate.
Thanks.
