From: Oliver <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH v2] netfilter: ipset: refactor hash types to use address/cidr arrays.
Date: Fri, 06 Sep 2013 01:31:23 +0200 [thread overview]
Message-ID: <1894701.xWd9IXYenT@gentoovm> (raw)
In-Reply-To: <alpine.DEB.2.00.1309041915390.8534@blackhole.kfki.hu>
On Wednesday 04 September 2013 19:20:35 Jozsef Kadlecsik wrote:
<snip>
> > >
> > > -mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length)
> > > +mtype_add_cidr(struct htype *h, u8 cidr, u8 nets_length, u8 n)
> >
> > Ok, I see what you were envisioning now - I'm not entirely sure if the
> > benefit of not having to modify the existing hash structs outweighs the
> > cost of having to insert special cases in the generic header -
> > especially now considering each hash only consists of a single struct
> > for each address family.
>
> I committed and pushed it to the ipset git tree. The special cases are
> going to be enabled by #ifdef conditions, so the common case is kept as
> simple as possible.
Alright, I took a look at the changes - I'll wait for the extension cleanup
then send out a rebased version of hash:net,net since that's presumably going
to be the difference between having to declare struct combinations for the
various extensions versus not having to do it. I'm very intrigued to see what
you can come up with that's shorter than my rework :P
On a related note - I was thinking about the impact of recursively walking the
CIDRs and it did occur to me that this operation is very parallelisable -
however, I found that when I ran ipset -T on the set, the in-kernel code is
running in an interrupt context (somehow, I couldn't see what made it like
that), which means it's not possible to spin up kthreads (unless there's
something that I don't know about) - when testing of an ipset is called via
xt_set, is that also running in an interrupt context? if not, it could be
parallelised quite nicely, which I anticipate would give some gains on
multicore systems, and especially for IPv6, one would think.
Kind Regards,
Oliver.
next prev parent reply other threads:[~2013-09-06 1:14 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-03 18:15 [PATCH v2] netfilter: ipset: refactor hash types to use address/cidr arrays Oliver
2013-09-03 20:27 ` Jozsef Kadlecsik
2013-09-03 22:06 ` Jozsef Kadlecsik
2013-09-04 5:21 ` Oliver
2013-09-04 17:20 ` Jozsef Kadlecsik
2013-09-05 23:31 ` Oliver [this message]
2013-09-06 18:00 ` Jozsef Kadlecsik
2013-09-06 20:43 ` Oliver
2013-09-10 8:01 ` Jozsef Kadlecsik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1894701.xWd9IXYenT@gentoovm \
--to=oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).