Re: [PATCH 0/5] netfilter updates for net-next (upcoming 3.5), batch 2

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: David Miller <davem@davemloft.net>
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: [PATCH 0/5] netfilter updates for net-next (upcoming 3.5), batch 2
Date: Mon, 14 May 2012 10:21:31 +0200	[thread overview]
Message-ID: <20120514082131.GA9524@1984> (raw)
In-Reply-To: <20120509.181119.549113304045405166.davem@davemloft.net>

[-- Attachment #1: Type: text/plain, Size: 1178 bytes --]

On Wed, May 09, 2012 at 06:11:19PM -0400, David Miller wrote:
> From: pablo@netfilter.org
> Date: Wed,  9 May 2012 13:33:03 +0200
> 
> > This is a second batch of netfilter updates for net-next, they contain:
> > 
> > * The new HMARK target from Hans Schillstrom. It took lots of spins
> >   to get this into shape. This target provides a hash-based packet / flow
> >   pre-classifier for iptables that can be used to distribute packets
> >   / flows between uplinks and backend servers. It provides to modes, one
> >   that relies on conntrack, and one that is stateless per-packet.
> > 
> > * Byte-based cost calculation for the hashlimit match, to detect when
> >   a host consumes more bandwidth than expected. This patch from Florian
> >   Westphal.
> > 
> > You can pull these changes from:
> > 
> > git://1984.lsi.us.es/net-next
> 
> Pulled.
> 
> Two suggested improvements:
> 
> 1) The HMARK hash is quite expensive, because it uses a modulus.
> 
>    Consider adjusting it to use the usual trick:
> 
> 	((u64)(HASH_VAL * HASH_SIZE)) >> 32
> 
>    so that this can be a multiply instead of a modulus.

I'll enqueue the patch attached for this. Thanks for spotting this.

[-- Attachment #2: 0001-netfilter-xt_HMARK-modulus-is-expensive-for-hash-cal.patch --]
[-- Type: text/x-diff, Size: 964 bytes --]

>From 3b81af711d639cdcf820836bad6b4ac0f5a761fa Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 14 May 2012 02:01:46 +0200
Subject: [PATCH] netfilter: xt_HMARK: modulus is expensive for hash
 calculation

Use:

((u64)(HASH_VAL * HASH_SIZE)) >> 32

as suggested by David S. Miller.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/xt_HMARK.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/xt_HMARK.c b/net/netfilter/xt_HMARK.c
index 5817d03..0a96a43 100644
--- a/net/netfilter/xt_HMARK.c
+++ b/net/netfilter/xt_HMARK.c
@@ -109,7 +109,7 @@ hmark_hash(struct hmark_tuple *t, const struct xt_hmark_info *info)
 	hash = jhash_3words(t->src, t->dst, t->uports.v32, info->hashrnd);
 	hash = hash ^ (t->proto & info->proto_mask);
 
-	return (hash % info->hmodulus) + info->hoffset;
+	return (((u64)hash * info->hmodulus) >> 32) + info->hoffset;
 }
 
 static void
-- 
1.7.10

     prev parent reply	other threads:[~2012-05-14  8:21 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-05-09 11:33 [PATCH 0/5] netfilter updates for net-next (upcoming 3.5), batch 2 pablo
2012-05-09 11:33 ` [PATCH 1/5] netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() pablo
2012-05-09 11:33 ` [PATCH 2/5] netfilter: add xt_hmark target for hash-based skb marking pablo
2012-05-09 11:33 ` [PATCH 3/5] netfilter: limit, hashlimit: avoid duplicated inline pablo
2012-05-09 11:33 ` [PATCH 4/5] netfilter: hashlimit: move rateinfo initialization to helper pablo
2012-05-09 11:33 ` [PATCH 5/5] netfilter: hashlimit: byte-based limit mode pablo
2012-05-09 13:04 ` [PATCH 0/5] netfilter updates for net-next (upcoming 3.5), batch 2 Eric Dumazet
2012-05-09 22:11 ` David Miller
2012-05-14  8:21   ` Pablo Neira Ayuso [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5817d03 dfblob:0a96a43 )
 OR (
bs:"netfilter: xt_HMARK: modulus is expensive for hash" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20120514082131.GA9524@1984 \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.