From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
Netfilter Developer Mailing List
<netfilter-devel@vger.kernel.org>,
xiaosuo@gmail.com
Subject: Re: [PATCH] netfilter: xtables: introduce xt_length revision 2½
Date: Mon, 02 Aug 2010 18:01:49 +0200 [thread overview]
Message-ID: <4C56EBED.7030708@trash.net> (raw)
In-Reply-To: <alpine.LSU.2.01.1007241344270.11738@obet.zrqbmnf.qr>
On 24.07.2010 14:27, Jan Engelhardt wrote:
>
> On Saturday 2010-07-24 13:42, Eric Dumazet wrote:
>>> +static bool
>>> +length2_mt(const struct sk_buff *skb, struct xt_action_param *par)
>>> +{
>>> + const struct xt_length_mtinfo2 *info = par->matchinfo;
>>> + const struct iphdr *iph = ip_hdr(skb);
>>> + unsigned int len = 0;
>>> + bool hit = true;
>>> +
>>> + if (info->flags & XT_LENGTH_LAYER3)
>>> + len = ntohs(iph->tot_len);
>>> + else if (info->flags & XT_LENGTH_LAYER4)
>>> + len = ntohs(iph->tot_len) - par->thoff;
>>> + else if (info->flags & XT_LENGTH_LAYER5)
>>> + hit = xtlength_layer5(&len, skb, iph->protocol, par->thoff);
>>> + else if (info->flags & XT_LENGTH_LAYER7)
>>> + hit = xtlength_layer7(&len, skb, iph->protocol, par->thoff);
>>> + if (!hit)
>>> + return false;
>>> +
>>> + return (len >= info->min && len <= info->max) ^
>>> + !!(info->flags & XT_LENGTH_INVERT);
>>> +}
>>
>>
>> This serie of tests is expensive and useless.
>>
>> - A switch() would be faster,
>> - if you dont use a bit mask, but continuous values to get the layer.
>> - Also, using a u16 is more expensive than a u32.
>> - On x86, compiler is forced to use prefixes or conversions instructions
>> (movzwl), this makes code bigger.
>
> I might agree with u16/u32 in that some CPUs need to run an extra
> "AND" when they don't have (movw/cmpw), but... the other things
> cast my doubts.
>
> C does not specify a "speed" for switch or if. I agree that some
> constructs may desire to be reworked to work around limitations of
> the compiler's smartness, but in the case that is before us, it looks
> like some of your arguments have no base - at least on x86_64.
>
> length2_mt as it stands (bitmask, u16, if): 800 bytes
> length2_mt with u32 flag: 800 bytes
> length2_mt with switch: 800 bytes
> length2_mt with continuous values and u32: 816 bytes
> length2_mt with cont.v, u32, and switch: 816 bytes
>
> The compiler is smart enough to see that a run of if tests against
> the same variable with different values is transformable into a
> switch statement.
They are mutually exclusive though, so using a bitmask doesn't make
much sense.
next prev parent reply other threads:[~2010-08-02 16:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-07-24 8:55 [PATCH] netfilter: xtables: introduce xt_length revision 2 Jan Engelhardt
2010-07-24 11:42 ` Eric Dumazet
2010-07-24 12:27 ` [PATCH] netfilter: xtables: introduce xt_length revision 2½ Jan Engelhardt
2010-08-02 16:01 ` Patrick McHardy [this message]
2010-08-02 17:01 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C56EBED.7030708@trash.net \
--to=kaber@trash.net \
--cc=eric.dumazet@gmail.com \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=xiaosuo@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.