git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 18 Jan 2017 17:30:13 +0000 (18:30 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 8 Feb 2017 13:16:21 +0000 (14:16 +0100)
commit	18d2a5721b0afe0ad228795341e9c0615ab96d20
tree	258b7402cf9fa6e533dfb850983a17a3beb425bd	tree \| snapshot
parent	eec644d860ccc156230e79a13f7a4d4a21d793b6	commit \| diff

netfilter: nf_tables: add bitmap set type

This patch adds a new bitmap set type. This bitmap uses two bits to
represent one element. These two bits determine the element state in the
current and the future generation that fits into the nf_tables commit
protocol. When dumping elements back to userspace, the two bits are
expanded into a struct nft_set_ext object.

If no NFTA_SET_DESC_SIZE is specified, the existing automatic set
backend selection prefers bitmap over hash in case of keys whose size is
<= 16 bit. If the set size is know, the bitmap set type is selected if
with 16 bit kets and more than 390 elements in the set, otherwise the
hash table set implementation is used.

For 8 bit keys, the bitmap consumes 66 bytes. For 16 bit keys, the
bitmap takes 16388 bytes.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nft_set_bitmap.c	[new file with mode: 0644]	blob