diff mbox series

[net,1/3] netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only

Message ID 20250403115752.19608-2-pablo@netfilter.org (mailing list archive)
State Accepted
Commit 9d74da1177c800eb3d51c13f9821b7b0683845a5
Delegated to: Netdev Maintainers
Headers show
Series [net,1/3] netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only | expand

Checks

Context Check Description
netdev/series_format success Pull request is its own cover letter
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 2 maintainers not CCed: coreteam@netfilter.org kadlec@netfilter.org
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2025-04-04--00-00 (tests: 911)

Commit Message

Pablo Neira Ayuso April 3, 2025, 11:57 a.m. UTC 
conncount has its own GC handler which determines when to reap stale
elements, this is convenient for dynamic sets. However, this also reaps
non-dynamic sets with static configurations coming from control plane.
Always run connlimit gc handler but honor feedback to reap element if
this set is dynamic.

Fixes: 290180e2448c ("netfilter: nf_tables: add connlimit support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_set_hash.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

patchwork-bot+netdevbpf@kernel.org April 4, 2025, 12:20 a.m. UTC | #1 
Hello:

This series was applied to netdev/net.git (main)
by Pablo Neira Ayuso <pablo@netfilter.org>:

On Thu,  3 Apr 2025 13:57:50 +0200 you wrote:
> conncount has its own GC handler which determines when to reap stale
> elements, this is convenient for dynamic sets. However, this also reaps
> non-dynamic sets with static configurations coming from control plane.
> Always run connlimit gc handler but honor feedback to reap element if
> this set is dynamic.
> 
> Fixes: 290180e2448c ("netfilter: nf_tables: add connlimit support")
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> 
> [...]

Here is the summary with links:
  - [net,1/3] netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
    https://git.kernel.org/netdev/net/c/9d74da1177c8
  - [net,2/3] netfilter: nf_tables: don't unregister hook when table is dormant
    https://git.kernel.org/netdev/net/c/688c15017d5c
  - [net,3/3] netfilter: nft_tunnel: fix geneve_opt type confusion addition
    https://git.kernel.org/netdev/net/c/1b755d8eb1ac

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index 8bfac4185ac7..abb0c8ec6371 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -309,7 +309,8 @@  static bool nft_rhash_expr_needs_gc_run(const struct nft_set *set,
 
 	nft_setelem_expr_foreach(expr, elem_expr, size) {
 		if (expr->ops->gc &&
-		    expr->ops->gc(read_pnet(&set->net), expr))
+		    expr->ops->gc(read_pnet(&set->net), expr) &&
+		    set->flags & NFT_SET_EVAL)
 			return true;
 	}