From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH] netfilter: ipset: Increase the number of maximal sets automatically as needed
Date: Tue, 27 Nov 2012 15:09:25 +0100 [thread overview]
Message-ID: <20121127140925.GA9089@1984> (raw)
In-Reply-To: <alpine.DEB.2.00.1211271246020.14623@blackhole.kfki.hu>
On Tue, Nov 27, 2012 at 12:55:00PM +0100, Jozsef Kadlecsik wrote:
[...]
> > > > Why not just some specific operation to set a new ip_set_max value and
> > > > readjust the array of sets in that case? Thus, the user is in full
> > > > control of the maximum number of sets and we don't have to assume
> > > > anything.
> > >
> > > That'd need another knob - this way the array is increased as needed.
> > > The user doesn't have to count the required sets in advance, just create.
> >
> > Yes, that would require some new netlink command. I tend to prefer
> > explicit configuration options. My concern is that day someone will
> > come and say that 2^16 are not enough for them. Then, we'll have to
> > add some explicit upper limit and allow to modify it.
>
> That'd be non trivial, because the whole array should then be replaced
> with something else for faster access from user space when the set is
> searched by name. The kernel always refers to the index.
I think the index is fine as a way to search.
> > But I'm all fine if you like it this way. We can just document that
> > the new maximum amount of sets 65536.
>
> It's "documented" in the input range of the "Maximum number of IP
> sets" configuration parameter in Kconfig. Should I add it explicitely to
> the help text? Or directly to the title line?
Some information in the changelog would be sufficient.
Thanks.
next prev parent reply other threads:[~2012-11-27 14:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-20 19:27 [PATCH] netfilter: ipset: Increase the number of maximal sets automatically as needed Jozsef Kadlecsik
2012-11-27 10:48 ` Pablo Neira Ayuso
2012-11-27 11:18 ` Jozsef Kadlecsik
2012-11-27 11:33 ` Pablo Neira Ayuso
2012-11-27 11:55 ` Jozsef Kadlecsik
2012-11-27 14:09 ` Pablo Neira Ayuso [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-11-19 16:45 Jozsef Kadlecsik
2012-11-19 17:01 ` Eric Dumazet
2012-11-19 17:21 ` Jozsef Kadlecsik
2012-11-19 17:29 ` Eric Dumazet
2012-11-19 17:32 ` Pablo Neira Ayuso
2012-11-19 17:47 ` Jozsef Kadlecsik
2012-11-19 17:49 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121127140925.GA9089@1984 \
--to=pablo@netfilter.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.