From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org, Nadia Pinaeva <n.m.pinaeva@gmail.com>
Subject: Re: [PATCH nf-next] netfilter: nf_tables: store new sets in dedicated list
Date: Mon, 19 Aug 2024 18:33:30 +0200
Message-ID: <ZsNz2lTEqLsiIn6R@calendula>
In-Reply-To: <20240710085835.1957-1-fw@strlen.de>

On Wed, Jul 10, 2024 at 10:58:29AM +0200, Florian Westphal wrote:
> nft_set_lookup_byid() is very slow when transaction becomes large, due to
> walk of the transaction list.
>
> Add a dedicated list that contains only the new sets.
>
> Before: nft -f ruleset 0.07s user 0.00s system 0% cpu 1:04.84 total
> After: nft -f ruleset 0.07s user 0.00s system 0% cpu 30.115 total
>
> .. where ruleset contains ~10 sets with ~100k elements.
> The above number is for a combined flush+reload of the ruleset.
>
> With previous flush, even the first NEWELEM has to walk through a few
> hundred thousand DELSET(ELEM) transactions before the first NEWSET
> object. To cope with random-order-newset-newsetelem we'd need to replace
> commit_set_list with a hashtable.
>
> Expectation is that a NEWELEM operation refers to the most recently added
> set, so last entry of the dedicated list should be the set we want.
>
> NB: This is not a bug fix per se (functionality is fine), but with
> larger transaction batches list search takes forever, so it would be
> nice to speed this up for -stable too, hence adding a "fixes" tag.

applied to nf-next, thanks
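
The lookup cost described in the quoted commit message, as a simplified user-space model added here (not code from the patch or the kernel). The struct, enum and function names are hypothetical, and the newest-first walk of the dedicated list follows the message's stated expectation that a NEWELEM refers to the most recently added set.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified user-space model; every name here is hypothetical, not kernel code. */
enum msg_type { MSG_DELSETELEM, MSG_NEWSET };

struct trans {
    enum msg_type type;
    uint32_t set_id;         /* only meaningful for MSG_NEWSET */
    struct trans *next;      /* full transaction list, oldest first */
    struct trans *older_set; /* dedicated new-set list, newest first */
};

struct batch {
    struct trans *head, *tail; /* every queued transaction */
    struct trans *newest_set;  /* most recently added NEWSET */
};

/* Queue one transaction; NEWSET entries are also linked into the dedicated list. */
static void batch_add(struct batch *b, enum msg_type type, uint32_t set_id)
{
    struct trans *t = calloc(1, sizeof(*t));
    if (!t) abort();
    t->type = type;
    t->set_id = set_id;
    if (b->tail) b->tail->next = t;
    else b->head = t;
    b->tail = t;
    if (type == MSG_NEWSET) {
        t->older_set = b->newest_set;
        b->newest_set = t;
    }
}

/* Find the NEWSET with this id and return the number of nodes visited (0 if
 * absent). dedicated == 0 models "before", dedicated != 0 models "after". */
static size_t lookup_cost(const struct batch *b, uint32_t id, int dedicated)
{
    size_t visited = 0;
    const struct trans *t = dedicated ? b->newest_set : b->head;
    while (t) {
        visited++;
        if (t->type == MSG_NEWSET && t->set_id == id)
            return visited;
        t = dedicated ? t->older_set : t->next;
    }
    return 0;
}
```

For a constructed batch of 100,000 DELSETELEM entries followed by NEWSET ids 1 to 10, looking up id 10 visits 100,010 nodes on the full walk and 1 node on the dedicated list. Looking up id 1, the oldest new set, still costs 10 visits on the dedicated list, which is the random-order case the message says would need a hashtable.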

Thread overview: 2+ messages
2024-07-10 8:58 [PATCH nf-next] netfilter: nf_tables: store new sets in dedicated list Florian Westphal
2024-08-19 16:33 ` Pablo Neira Ayuso [this message]