Re: [RFC][PATCH] optimise iptables interface matching

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Henrik Nordstrom <henrik@henriknordstrom.net>
Cc: netfilter-devel@lists.netfilter.org, Philip Craig <philipc@snapgear.com>
Subject: Re: [RFC][PATCH] optimise iptables interface matching
Date: Tue, 29 May 2007 11:54:07 +0200	[thread overview]
Message-ID: <465BF83F.2050702@trash.net> (raw)
In-Reply-To: <1180381991.6505.46.camel@henriknordstrom.net>

Henrik Nordstrom wrote:
> lör 2007-05-26 klockan 11:20 +0200 skrev Patrick McHardy:
> 
> 
>>We can add flags for new features, but not flags that are required to
>>be set to behave compatible since that would break iptables userspace
>>for old kernels.
> 
> 
> But the proposed change is completely transparent to userspace... the
> use of the new flags is purely kernel-only and not visible to
> userspace..


Yes, certainly, that statement was not specific to this patch.

> The drawback is that it reduces the possible new flags which might be
> added by two bits, or if put another way reduces the flags field from 8
> to 6 bits, leaving only 3 unused flag bits for future flag type
> expansions.
>
> 
> But I am a little curious.. how much difference would it yield if simply
> the loop was instead changed to terminate on string end instead of
> always iterating over the max interface name length..
> 
>         for (i = 0, ret = 0; ((const unsigned long *)ipinfo->outiface_mask)[i] && i < IFNAMSIZ/sizeof(unsigned long); i++) {
> 		...
>         }
> 
> instead of
> 
>         for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
> 		...
> 	}
> 
> plus a small change to the userspace to zero the mask after the first \0
> in the interface name on exact matches.


It already does that I think. This sounds like a good alternative,
I'd be interested to see how much improvement it yields.

     prev parent reply	other threads:[~2007-05-29  9:54 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-05-24  5:55 [RFC][PATCH] optimise iptables interface matching Philip Craig
2007-05-24 17:43 ` Patrick McHardy
2007-05-24 23:07   ` Philip Craig
2007-05-26  8:47     ` Patrick McHardy
2007-05-25  0:44 ` Yasuyuki KOZAKAI
2007-05-25  0:56   ` Philip Craig
2007-05-25  4:11     ` Yasuyuki KOZAKAI
2007-05-26  9:20     ` Patrick McHardy
2007-05-28 19:53       ` Henrik Nordstrom
2007-05-29  0:24         ` Philip Craig
2007-05-30  1:34           ` Henrik Nordstrom
2007-06-06  5:49             ` Philip Craig
2007-06-06  6:13               ` Eric Dumazet
2007-05-29  9:54         ` Patrick McHardy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=465BF83F.2050702@trash.net \
    --to=kaber@trash.net \
    --cc=henrik@henriknordstrom.net \
    --cc=netfilter-devel@lists.netfilter.org \
    --cc=philipc@snapgear.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.