From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>,
netfilter-devel@vger.kernel.org, eric@garver.life
Subject: Re: [PATCH nft] json: collapse set element commands from parser
Date: Tue, 5 Nov 2024 17:51:35 +0100 [thread overview]
Message-ID: <ZypNF7HzKrjl0w9s@calendula> (raw)
In-Reply-To: <ZyofFLveeueZuJPH@orbyte.nwl.cc>
Hi Phil,
On Tue, Nov 05, 2024 at 02:35:16PM +0100, Phil Sutter wrote:
> On Thu, Oct 31, 2024 at 11:04:11PM +0100, Pablo Neira Ayuso wrote:
> > Update json parser to collapse {add,create} element commands to reduce
> > memory consumption in the case of large sets defined by one element per
> > command:
> >
> > {"nftables": [{"add": {"element": {"family": "ip", "table": "x", "name":
> > "y", "elem": [{"set": ["1.1.0.0"]}]}}},...]}
>
> Thanks for the fix!
>
> > Add CTX_F_COLLAPSED flag to report that command has been collapsed.
>
> I had come up with a similar solution (but did not find time to submit
> it last week). My solution to the "what to return" problem was to
> introduce a 'static struct cmd cmd_nop' and return its address. Your
> flag way is fine, too from my PoV.
OK, I'm going to push it out then.
> > This patch reduces memory consumption by ~32% this case.
> >
> > Fixes: 20f1c60ac8c8 ("src: collapse set element commands from parser")
> > Reported-by: Eric Garver <eric@garver.life>
> > Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> > ---
> > Side note: While profiling, I can still see lots json objects, this
> > results in memory consumption that is 5 times than native
> > representation. Error reporting is also lagging behind, it should be
> > possible to add a json_t pointer to struct location to relate
> > expressions and json objects.
>
> I can have a look at mem use if I find spare time (TM).
I understand, that is always the issue.
> We already record links between struct cmd and json_t objects for echo
> mode (and only then). The problem with error reporting in my opinion is
> the lack of location data in json_t. You might remember, I tried to
> extend libjansson to our needs but my MR[1] is being ignored for more
> than a year now. Should we just ship an extended copy in nftables?
Do you still have the link with your proposal around? I don't find it
in my notes anymore.
IIRC the rejection came from concerns about increasing memory usage
for our specific usecase, that was an extra pointer to store location,
correct?
Thanks.
next prev parent reply other threads:[~2024-11-05 16:51 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-31 22:04 [PATCH nft] json: collapse set element commands from parser Pablo Neira Ayuso
2024-11-01 14:55 ` Eric Garver
2024-11-05 13:35 ` Phil Sutter
2024-11-05 16:51 ` Pablo Neira Ayuso [this message]
2024-11-05 17:07 ` Phil Sutter
2024-11-13 11:08 ` improving json error reporting [was Re: [PATCH nft] json: collapse set element commands from parser] Pablo Neira Ayuso
2024-11-13 14:18 ` Phil Sutter
2024-11-12 20:52 ` [PATCH nft] json: collapse set element commands from parser Phil Sutter
2024-11-13 11:01 ` Pablo Neira Ayuso
2024-11-13 11:34 ` Pablo Neira Ayuso
2024-11-13 14:35 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZypNF7HzKrjl0w9s@calendula \
--to=pablo@netfilter.org \
--cc=eric@garver.life \
--cc=netfilter-devel@vger.kernel.org \
--cc=phil@nwl.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox