From: Patrick McHardy <kaber@trash.net>
To: Daniel Borkmann <daniel@iogearbox.net>
Cc: Thomas Graf <tgraf@suug.ch>,
"Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
davem@davemloft.net, alexei.starovoitov@gmail.com,
herbert@gondor.apana.org.au, ying.xue@windriver.com,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org,
josh@joshtriplett.org, johunt@akamai.com
Subject: Re: Ottawa and slow hash-table resize
Date: Tue, 24 Feb 2015 10:42:33 +0000 [thread overview]
Message-ID: <20150224104232.GK3713@acer.localdomain> (raw)
In-Reply-To: <54EC46AB.3030302@iogearbox.net>
On 24.02, Daniel Borkmann wrote:
> On 02/24/2015 09:59 AM, Thomas Graf wrote:
> >On 02/23/15 at 10:49am, Paul E. McKenney wrote:
> >>Hello!
> >>
> >>Alexei mentioned that there was some excitement a couple of weeks ago in
> >>Ottawa, something about the resizing taking forever when there were large
> >>numbers of concurrent additions. One approach comes to mind:
> >
> >@Dave et al,
> >Just want to make sure we have the same level of understanding of
> >urgency for this. The only practical problem experienced so far is
> >loading n*1M entries into an nft_hash set which takes 3s for 4M
> >entries upon restore. A regular add is actually fine as it provides
> >a hint and sizes the table accordingly.
>
> Btw, there is one remaining bug in nft that Josh Hunt found which
> should go into 3.20/4.0, it's not in -net tree, so it could have
> affected testing with nft. We're currently missing max_shift
> parameter in nft's rhashtable initialization.
>
> This means that there will be _no_ expansions as rht_grow_above_75()
> will end up always returning false. It's not that dramatic when you
> have a proper hint provided, but when you start out small
> (NFT_HASH_ELEMENT_HINT = 3) and try to squeeze 1M entries into it,
> it might take a while.
>
> Simplest fix would be, similarly as in other users:
>
> diff --git a/net/netfilter/nft_hash.c b/net/netfilter/nft_hash.c
> index 61e6c40..47abdca 100644
> --- a/net/netfilter/nft_hash.c
> +++ b/net/netfilter/nft_hash.c
> @@ -192,6 +192,7 @@ static int nft_hash_init(const struct nft_set *set,
> .key_offset = offsetof(struct nft_hash_elem, key),
> .key_len = set->klen,
> .hashfn = jhash,
> + .max_shift = 20, /* 1M */
> .grow_decision = rht_grow_above_75,
> .shrink_decision = rht_shrink_below_30,
> };
>
> But I presume Josh wanted to resend his code ... or wait for nft
> folks to further review?
We're perfectly fine with that patch, although I'd say lets use a
slightly larger value (24) to cover what we know people are doing
using ipset.
next prev parent reply other threads:[~2015-02-24 10:42 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-02-23 18:49 Ottawa and slow hash-table resize Paul E. McKenney
2015-02-23 19:12 ` josh
2015-02-23 21:03 ` Thomas Graf
2015-02-23 21:52 ` Paul E. McKenney
2015-02-23 22:32 ` David Miller
2015-02-23 23:06 ` Paul E. McKenney
2015-02-24 8:37 ` Thomas Graf
2015-02-24 10:39 ` Patrick McHardy
2015-02-24 10:46 ` David Laight
2015-02-24 10:48 ` Patrick McHardy
2015-02-24 17:09 ` David Miller
2015-02-24 17:50 ` Thomas Graf
2015-02-24 18:26 ` David Miller
2015-02-24 18:45 ` josh
2015-02-24 22:34 ` Thomas Graf
2015-02-25 8:56 ` Herbert Xu
2015-02-25 17:38 ` Thomas Graf
2015-02-24 18:33 ` josh
2015-02-25 8:55 ` Herbert Xu
2015-02-25 17:38 ` Thomas Graf
2015-02-23 21:00 ` Thomas Graf
2015-02-23 22:35 ` Paul E. McKenney
2015-02-24 8:59 ` Thomas Graf
2015-02-24 9:38 ` Daniel Borkmann
2015-02-24 10:42 ` Patrick McHardy [this message]
2015-02-24 16:14 ` Josh Hunt
2015-02-24 16:25 ` Patrick McHardy
2015-02-24 16:57 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2015-02-23 22:17 Alexei Starovoitov
2015-02-23 22:34 ` David Miller
2015-02-23 22:37 ` Paul E. McKenney
2015-02-23 23:07 Alexei Starovoitov
2015-02-23 23:15 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150224104232.GK3713@acer.localdomain \
--to=kaber@trash.net \
--cc=alexei.starovoitov@gmail.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=johunt@akamai.com \
--cc=josh@joshtriplett.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
--cc=tgraf@suug.ch \
--cc=ying.xue@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox