From: Simon Horman <horms@kernel.org>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, davem@davemloft.net,
netdev@vger.kernel.org, kuba@kernel.org, pabeni@redhat.com,
edumazet@google.com, fw@strlen.de
Subject: Re: [PATCH net-next 01/14] netfilter: nf_tables: fix set size with rbtree backend
Date: Fri, 17 Jan 2025 10:49:57 +0000 [thread overview]
Message-ID: <20250117104957.GK6206@kernel.org> (raw)
In-Reply-To: <20250116171902.1783620-2-pablo@netfilter.org>
On Thu, Jan 16, 2025 at 06:18:49PM +0100, Pablo Neira Ayuso wrote:
> The existing rbtree implementation uses singleton elements to represent
> ranges, however, userspace provides a set size according to the number
> of ranges in the set.
>
> Adjust provided userspace set size to the number of singleton elements
> in the kernel by multiplying the range by two.
>
> Check if the no-match all-zero element is already in the set, in such
> case release one slot in the set size.
>
> Fixes: 0ed6389c483d ("netfilter: nf_tables: rename set implementations")
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
> include/net/netfilter/nf_tables.h | 3 ++
> net/netfilter/nf_tables_api.c | 49 +++++++++++++++++++++++++++++--
> net/netfilter/nft_set_rbtree.c | 43 +++++++++++++++++++++++++++
> 3 files changed, 93 insertions(+), 2 deletions(-)
>
> diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
> index 0027beca5cd5..7dcea247f853 100644
> --- a/include/net/netfilter/nf_tables.h
> +++ b/include/net/netfilter/nf_tables.h
> @@ -495,6 +495,9 @@ struct nft_set_ops {
> const struct nft_set *set,
> const struct nft_set_elem *elem,
> unsigned int flags);
> + u32 (*ksize)(u32 size);
> + u32 (*usize)(u32 size);
> + u32 (*adjust_maxsize)(const struct nft_set *set);
> void (*commit)(struct nft_set *set);
> void (*abort)(const struct nft_set *set);
> u64 (*privsize)(const struct nlattr * const nla[],
Hi Pablo,
As a follow-up could these new fields be added to
the Kernel doc for nft_set_ops?
next prev parent reply other threads:[~2025-01-17 10:50 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-16 17:18 [PATCH net-next 00/14] Netfilter updates for net-next Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 01/14] netfilter: nf_tables: fix set size with rbtree backend Pablo Neira Ayuso
2025-01-17 10:49 ` Simon Horman [this message]
2025-01-17 11:12 ` Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 02/14] netfilter: br_netfilter: remove unused conditional and dead code Pablo Neira Ayuso
2025-01-19 0:58 ` Jakub Kicinski
2025-01-16 17:18 ` [PATCH net-next 03/14] netfilter: nf_tables: Flowtable hook's pf value never varies Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 04/14] netfilter: nf_tables: Store user-defined hook ifname Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 05/14] netfilter: nf_tables: Use stored ifname in netdev hook dumps Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 06/14] netfilter: nf_tables: Compare netdev hooks based on stored name Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 07/14] netfilter: nf_tables: Tolerate chains with no remaining hooks Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 08/14] netfilter: nf_tables: Simplify chain netdev notifier Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 09/14] netfilter: nft_flow_offload: clear tcp MAXACK flag before moving to slowpath Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 10/14] netfilter: nft_flow_offload: update tcp state flags under lock Pablo Neira Ayuso
2025-01-16 17:18 ` [PATCH net-next 11/14] netfilter: conntrack: remove skb argument from nf_ct_refresh Pablo Neira Ayuso
2025-01-16 17:19 ` [PATCH net-next 12/14] netfilter: conntrack: rework offload nf_conn timeout extension logic Pablo Neira Ayuso
2025-01-19 1:05 ` Jakub Kicinski
2025-01-16 17:19 ` [PATCH net-next 13/14] netfilter: flowtable: teardown flow if cached mtu is stale Pablo Neira Ayuso
2025-01-16 17:19 ` [PATCH net-next 14/14] netfilter: flowtable: add CLOSING state Pablo Neira Ayuso
-- strict thread matches above, loose matches on Subject: below --
2025-01-19 17:20 [PATCH net-next,v2 00/14] Netfilter updates for net-next Pablo Neira Ayuso
2025-01-19 17:20 ` [PATCH net-next 01/14] netfilter: nf_tables: fix set size with rbtree backend Pablo Neira Ayuso
2025-01-20 20:10 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250117104957.GK6206@kernel.org \
--to=horms@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.