review.tizen.org Git - platform/kernel/linux-exynos.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 18 Jan 2017 17:30:13 +0000 (18:30 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 8 Feb 2017 13:16:21 +0000 (14:16 +0100)
commit	665153ff575207f3a092cfcea3c51238612a7b58
tree	258b7402cf9fa6e533dfb850983a17a3beb425bd	tree \| snapshot
parent	0b5a78749260560f41e3b7c1f60f2c7dd9aff4f0	commit \| diff

netfilter: nf_tables: add bitmap set type

This patch adds a new bitmap set type. This bitmap uses two bits to
represent one element. These two bits determine the element state in the
current and the future generation that fits into the nf_tables commit
protocol. When dumping elements back to userspace, the two bits are
expanded into a struct nft_set_ext object.

If no NFTA_SET_DESC_SIZE is specified, the existing automatic set
backend selection prefers bitmap over hash in case of keys whose size is
<= 16 bit. If the set size is know, the bitmap set type is selected if
with 16 bit kets and more than 390 elements in the set, otherwise the
hash table set implementation is used.

For 8 bit keys, the bitmap consumes 66 bytes. For 16 bit keys, the
bitmap takes 16388 bytes.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/Kconfig		diff \| blob \| history
net/netfilter/Makefile		diff \| blob \| history
net/netfilter/nft_set_bitmap.c	[new file with mode: 0644]	blob