From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: fw@strlen.de, sbrivio@redhat.com
Subject: [PATCH nf 0/2] nf_tables rbtree fixes
Date: Sun, 15 Jan 2023 00:10:45 +0100 [thread overview]
Message-ID: <20230114231047.948785-1-pablo@netfilter.org> (raw)
Hi,
The following patchset contains two fixes for the rbtree set backend:
1) Switch back to the list walk to detect overlap as proposed by Stefano.
Use tree descent to locate nearest more than element to speed up
overlap detection. Perform garbarge collection of expired element
from the insert path while walking the list to avoid bogus overlap
reports.
2) Do not interfer with ongoing transaction from garbage collector.
Skip inactive elements from the garbage collection. Reset annotated
end element coming before expired start element when it is busy with
transaction update.
nftables shell test sets/0044interval_overlap_0 passes without errors.
This also passes this test when disabling set_overlap() in userspace nft
which perform overlap detection from userspace for older kernels (< 5.7).
Pablo Neira Ayuso (2):
netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
net/netfilter/nft_set_rbtree.c | 331 ++++++++++++++++++++-------------
1 file changed, 204 insertions(+), 127 deletions(-)
--
2.30.2
next reply other threads:[~2023-01-14 23:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-14 23:10 Pablo Neira Ayuso [this message]
2023-01-14 23:10 ` [PATCH nf 1/2] netfilter: nft_set_rbtree: Switch to node list walk for overlap detection Pablo Neira Ayuso
2023-01-17 10:40 ` Stefano Brivio
2023-01-17 11:05 ` Pablo Neira Ayuso
2023-01-14 23:10 ` [PATCH nf 2/2] netfilter: nft_set_rbtree: skip elements in transaction from garbage collection Pablo Neira Ayuso
2023-01-17 10:41 ` Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230114231047.948785-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).