From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: fw@strlen.de
Subject: [PATCH nf-next,v1 1/3] netfilter: nf_tables: add .abort_skip_removal flag for set types
Date: Thu, 15 Jan 2026 13:43:20 +0100 [thread overview]
Message-ID: <20260115124322.90712-2-pablo@netfilter.org> (raw)
In-Reply-To: <20260115124322.90712-1-pablo@netfilter.org>
The pipapo set backend is the only user of the .abort interface so far.
To speed up pipapo abort path, removals are skipped.
The follow up patch updates the rbtree to use to build an array of
ordered elements, then use binary search. This needs a new .abort
interface but, unlike pipapo, it also need to undo/remove elements.
Add a flag and use it from the pipapo set backend.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/net/netfilter/nf_tables.h | 1 +
net/netfilter/nf_tables_api.c | 2 +-
net/netfilter/nft_set_pipapo.c | 2 ++
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index fab7dc73f738..21af1a2a6d3d 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -509,6 +509,7 @@ struct nft_set_ops {
const struct nft_set *set);
void (*gc_init)(const struct nft_set *set);
+ bool abort_skip_removal;
unsigned int elemsize;
};
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index f3de2f9bbebf..8f5ad4e89715 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7744,7 +7744,7 @@ static bool nft_trans_elems_new_abort(const struct nft_ctx *ctx,
continue;
}
- if (!te->set->ops->abort || nft_setelem_is_catchall(te->set, te->elems[i].priv))
+ if (!te->set->ops->abort_skip_removal || nft_setelem_is_catchall(te->set, te->elems[i].priv))
nft_setelem_remove(ctx->net, te->set, te->elems[i].priv);
if (!nft_setelem_is_catchall(te->set, te->elems[i].priv))
diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c
index 112fe46788b6..412a1f1eafd8 100644
--- a/net/netfilter/nft_set_pipapo.c
+++ b/net/netfilter/nft_set_pipapo.c
@@ -2370,6 +2370,7 @@ const struct nft_set_type nft_set_pipapo_type = {
.gc_init = nft_pipapo_gc_init,
.commit = nft_pipapo_commit,
.abort = nft_pipapo_abort,
+ .abort_skip_removal = true,
.elemsize = offsetof(struct nft_pipapo_elem, ext),
},
};
@@ -2394,6 +2395,7 @@ const struct nft_set_type nft_set_pipapo_avx2_type = {
.gc_init = nft_pipapo_gc_init,
.commit = nft_pipapo_commit,
.abort = nft_pipapo_abort,
+ .abort_skip_removal = true,
.elemsize = offsetof(struct nft_pipapo_elem, ext),
},
};
--
2.47.3
next prev parent reply other threads:[~2026-01-15 12:43 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-15 12:43 [PATCH nf-next,v1 0/3] convert rbtree to binary search array Pablo Neira Ayuso
2026-01-15 12:43 ` Pablo Neira Ayuso [this message]
2026-01-15 14:59 ` [PATCH nf-next,v1 1/3] netfilter: nf_tables: add .abort_skip_removal flag for set types Florian Westphal
2026-01-15 12:43 ` [PATCH nf-next,v1 2/3] netfilter: nft_set_rbtree: translate rbtree to array for binary search Pablo Neira Ayuso
2026-01-16 4:21 ` kernel test robot
2026-01-15 12:43 ` [PATCH nf-next,v1 3/3] netfilter: nft_set_rbtree: use binary search array in get command Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260115124322.90712-2-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox