From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 04/34] netfilter: ipset: Introduce RCU locking in hash:* types
Date: Fri, 8 May 2015 01:52:02 +0200 [thread overview]
Message-ID: <20150507235202.GB3971@salvia> (raw)
In-Reply-To: <1430587703-3387-5-git-send-email-kadlec@blackhole.kfki.hu>
On Sat, May 02, 2015 at 07:27:53PM +0200, Jozsef Kadlecsik wrote:
> Three types of data need to be protected in the case of the hash types:
>
> a. The hash buckets: standard rcu pointer operations are used.
> b. The allocated elements in the hash buckets: a bitmap is used
> for book-keeping to tell which elements in the hash bucket are
> used or free.
> c. Networks per cidr values and the cidr values themselves: the fix
> sized arrays need no protection. The values are modified in such
> an order that in the worst case an element testing is repeated
> again with the same cidr value.
Did you consider using the rhashtable implementation under
lib/rhashtable.c? Do you think there is any chance to accommodate that
into ipset? If possible, it would avoid from dealing with this
complexity.
next prev parent reply other threads:[~2015-05-07 23:47 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-02 17:27 [PATCH 00/34] ipset patches for nf-next Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 01/34] netfilter: ipset: Remove rbtree from hash:net,iface Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 02/34] netfilter: ipset: Prepare the ipset core to use RCU at set level Jozsef Kadlecsik
2015-05-07 23:39 ` Pablo Neira Ayuso
2015-05-08 19:58 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 03/34] netfilter: ipset: Introduce RCU locking in bitmap:* types Jozsef Kadlecsik
2015-05-07 23:01 ` Pablo Neira Ayuso
2015-05-08 19:57 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 04/34] netfilter: ipset: Introduce RCU locking in hash:* types Jozsef Kadlecsik
2015-05-07 23:52 ` Pablo Neira Ayuso [this message]
2015-05-08 20:13 ` Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 05/34] netfilter: ipset: Introduce RCU locking in list type Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 06/34] netfilter: ipset: Fix parallel resizing and listing of the same set Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 07/34] netfilter: ipset: Fix sparse warning Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 08/34] netfilter: ipset: Use MSEC_PER_SEC consistently Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 09/34] netfilter: ipset: Give a better name to a macro in ip_set_core.c Jozsef Kadlecsik
2015-05-02 17:27 ` [PATCH 10/34] netfilter: ipset: Missing rcu protection in mtype_list() fixed Jozsef Kadlecsik
2015-05-07 18:19 ` Pablo Neira Ayuso
2015-05-08 0:03 ` Pablo Neira Ayuso
2015-05-08 20:15 ` Jozsef Kadlecsik
2015-05-13 16:32 ` Pablo Neira Ayuso
2015-05-15 20:04 ` Jozsef Kadlecsik
2015-05-08 19:55 ` Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 11/34] netfilter: ipset: Make sure listing doesn't grab a set which is just being destroyed Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 12/34] netfilter: ipset: make ip_set_get_ip*_port to use skb_network_offset Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 13/34] netfilter: ipset: Fix cidr handling for hash:*net* types Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 14/34] netfilter: ipset: Properly calculate extensions offsets and total length Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 15/34] netfilter: ipset: Make sure bit operations are not reordered Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 16/34] netfilter: ipset: No need to make nomatch bitfield Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 17/34] netfilter: ipset: Preprocessor directices cleanup Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 18/34] netfilter: ipset: Return ipset error instead of bool Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 19/34] netfilter: ipset: Use SET_WITH_*() helpers to test set extensions Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 20/34] netfilter: ipset: Check extensions attributes before getting extensions Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 21/34] netfilter: ipset: Check IPSET_ATTR_PORT only once Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 22/34] netfilter: ipset: Use HOST_MASK literal to represent host address CIDR len Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 23/34] netfilter: ipset: Permit CIDR equal to the host address CIDR in IPv6 Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 24/34] netfilter: ipset: Make sure we always return line number on batch Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 25/34] netfilter: ipset: Check CIDR value only when attribute is given Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 26/34] netfilter: ipset: Return bool values instead of int Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 27/34] netfilter: ipset: Check for comment netlink attribute length Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 28/34] netfilter: ipset: Fix ext_*() macros Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 29/34] netfilter: ipset: Fix hashing for ipv6 sets Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 30/34] netfilter: ipset: Improve preprocessor macros checks Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 31/34] netfilter: ipset: Make sure dumping can't grab set being just destroyed Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 32/34] netfilter: ipset: RCU safe comment extension handling Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 33/34] netfilter: ipset: Fix coding styles reported by checkpatch.pl Jozsef Kadlecsik
2015-05-02 17:28 ` [PATCH 34/34] netfilter: ipset: Use better include files in xt_set.c Jozsef Kadlecsik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150507235202.GB3971@salvia \
--to=pablo@netfilter.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).