From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>,
netfilter-devel@vger.kernel.org, nhofmeyr@sysmocom.de,
eric@garver.life, fw@strlen.de
Subject: Re: [PATCH nft 0/5] relax cache requirements, speed up incremental updates
Date: Thu, 15 Aug 2024 14:46:02 +0200 [thread overview]
Message-ID: <Zr34itYsV9LxG058@calendula> (raw)
In-Reply-To: <Zr3zq62D7-aS6WQe@orbyte.nwl.cc>
On Thu, Aug 15, 2024 at 02:25:15PM +0200, Phil Sutter wrote:
> On Thu, Aug 15, 2024 at 01:37:07PM +0200, Pablo Neira Ayuso wrote:
> > Hi,
> >
> > The following patchset relaxes cache requirements, this is based on the
> > observation that objects are fetched to report errors and provide hints.
>
> This is nice as it applies to error path only, though the second cache
> fetch is prone to race conditions.
The call to nft_cache_update() ensures cache is consistent, old cache
is dropped and a new consistent cache is obtained. The hint could be
misleading (worst case) though since the cache could have different
generation ID that the transaction itself, but it is just a hint.
> Did you consider retrying the whole transaction with beefed-up cache
> in error case?
Why retry? I am assuming a batch where the user made a mistake, retry
will fail again.
> I was about to mention how it nicely integrates with transaction
> refresh in ERESTART case, but then realized this is iptables code
> and nft doesn't retry in that case?!
I think you are talking about different scenario, that is, userspace
sends an update but generation ID mismatches, kernel reports ERESTART
and nftables revamps, this is to catch an interference with another
process, that needs to be done in nft, but it is a different issue.
next prev parent reply other threads:[~2024-08-15 12:46 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-15 11:37 [PATCH nft 0/5] relax cache requirements, speed up incremental updates Pablo Neira Ayuso
2024-08-15 11:37 ` [PATCH nft 1/5] cache: rule by index requires full cache Pablo Neira Ayuso
2024-08-15 11:37 ` [PATCH nft 2/5] cache: populate chains on demand from error path Pablo Neira Ayuso
2024-08-15 11:37 ` [PATCH nft 3/5] cache: populate objecs " Pablo Neira Ayuso
2024-08-15 11:37 ` [PATCH nft 4/5] cache: populate flowtable " Pablo Neira Ayuso
2024-08-15 11:37 ` [PATCH nft 5/5] cache: do not fetch set inconditionally on delete Pablo Neira Ayuso
2024-08-15 12:25 ` [PATCH nft 0/5] relax cache requirements, speed up incremental updates Phil Sutter
2024-08-15 12:46 ` Pablo Neira Ayuso [this message]
2024-08-15 13:10 ` Phil Sutter
2024-08-15 13:38 ` Pablo Neira Ayuso
2024-08-15 15:08 ` Eric Garver
2024-08-19 15:54 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zr34itYsV9LxG058@calendula \
--to=pablo@netfilter.org \
--cc=eric@garver.life \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=nhofmeyr@sysmocom.de \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.