github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-04 12:35:52 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph

netfilter: nf_tables: add .abort_skip_removal flag for set types

Browse Source 
The pipapo set backend is the only user of the .abort interface so far.
To speed up pipapo abort path, removals are skipped.

The follow up patch updates the rbtree to use to build an array of
ordered elements, then use binary search. This needs a new .abort
interface but, unlike pipapo, it also need to undo/remove elements.

Add a flag and use it from the pipapo set backend.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
This commit is contained in:
Pablo Neira Ayuso 2026-01-21 01:08:44 +01:00 committed by Florian Westphal
parent b00a7b3a61
commit f175b46d91
3 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/net/netfilter/nf_tables.h
View File

@ -451,6 +451,7 @@ struct nft_set_ext;
* @init: initialize private data of new set instance
* @destroy: destroy private data of set instance
* @gc_init: initialize garbage collection
* @abort_skip_removal: skip removal of elements from abort path
* @elemsize: element private size
*
* Operations lookup, update and delete have simpler interfaces, are faster
@ -508,6 +509,7 @@ struct nft_set_ops {
const struct nft_set *set);
void (*gc_init)(const struct nft_set *set);
bool abort_skip_removal;
unsigned int elemsize;
};

3
net/netfilter/nf_tables_api.c
View File

@ -7807,7 +7807,8 @@ static bool nft_trans_elems_new_abort(const struct nft_ctx *ctx,
continue;
}
if (!te->set->ops->abort || nft_setelem_is_catchall(te->set, te->elems[i].priv))
if (!te->set->ops->abort_skip_removal ||
nft_setelem_is_catchall(te->set, te->elems[i].priv))
nft_setelem_remove(ctx->net, te->set, te->elems[i].priv);
if (!nft_setelem_is_catchall(te->set, te->elems[i].priv))

2
net/netfilter/nft_set_pipapo.c
View File

@ -2370,6 +2370,7 @@ const struct nft_set_type nft_set_pipapo_type = {
.gc_init = nft_pipapo_gc_init,
.commit = nft_pipapo_commit,
.abort = nft_pipapo_abort,
.abort_skip_removal = true,
.elemsize = offsetof(struct nft_pipapo_elem, ext),
},
};
@ -2394,6 +2395,7 @@ const struct nft_set_type nft_set_pipapo_avx2_type = {
.gc_init = nft_pipapo_gc_init,
.commit = nft_pipapo_commit,
.abort = nft_pipapo_abort,
.abort_skip_removal = true,
.elemsize = offsetof(struct nft_pipapo_elem, ext),
},
};