From: Florian Westphal <fw@strlen.de>
To: Scott Mitchell <scott.k.mitch1@gmail.com>
Cc: pablo@netfilter.org, kadlec@netfilter.org, phil@nwl.cc,
davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, horms@kernel.org,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
Scott Mitchell <scott_mitchell@apple.com>
Subject: Re: [PATCH] netfilter: nfnetlink_queue: optimize verdict lookup with hash table
Date: Thu, 13 Nov 2025 00:10:16 +0100 [thread overview]
Message-ID: <aRUT2PIAqo3VY9SJ@strlen.de> (raw)
In-Reply-To: <20251112160333.30883-1-scott_mitchell@apple.com>
Scott Mitchell <scott.k.mitch1@gmail.com> wrote:
> static inline u_int8_t instance_hashfn(u_int16_t queue_num)
> {
> return ((queue_num >> 8) ^ queue_num) % INSTANCE_BUCKETS;
> @@ -114,13 +153,63 @@ instance_lookup(struct nfnl_queue_net *q, u_int16_t queue_num)
> return NULL;
> }
>
> +static int
> +nfqnl_hash_resize(struct nfqnl_instance *inst, u32 hash_size)
> +{
> + struct hlist_head *new_hash, *old_hash;
> + struct nf_queue_entry *entry;
> + unsigned int h, hash_mask;
> +
> + /* lock scope includes kcalloc/kfree to bound memory if concurrent resizes.
> + * lock scope could be reduced to exclude the kcalloc/kfree at the cost
> + * of increased code complexity (re-check of hash_size) and relaxed memory
> + * bounds (concurrent resize may each do allocations). since resize is
> + * expected to be rare, the broader lock scope is simpler and preferred.
> + */
I'm all for simplicity. but I don't see how concurrent resizes are
possible. NFQNL_MSG_CONFIG runs under nfnetlink subsystem mutex.
Or did I miss something?
> + new_hash = kcalloc(hash_size, sizeof(*new_hash), GFP_ATOMIC);
Since the hash table could be large I would prefer if this could
be GFP_KERNEL_ACCOUNT + kvcalloc to permit vmalloc fallback.
> + if (nfqa[NFQA_CFG_HASH_SIZE]) {
> + hash_size = ntohl(nla_get_be32(nfqa[NFQA_CFG_HASH_SIZE]));
> + }
Nit, no { } here.
next prev parent reply other threads:[~2025-11-12 23:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-12 16:03 [PATCH] netfilter: nfnetlink_queue: optimize verdict lookup with hash table Scott Mitchell
2025-11-12 23:10 ` Florian Westphal [this message]
2025-11-13 9:14 ` Scott Mitchell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aRUT2PIAqo3VY9SJ@strlen.de \
--to=fw@strlen.de \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=horms@kernel.org \
--cc=kadlec@netfilter.org \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=phil@nwl.cc \
--cc=scott.k.mitch1@gmail.com \
--cc=scott_mitchell@apple.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.