From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next 0/9] nf_tables set updates
Date: Wed, 24 May 2017 11:50:44 +0200 [thread overview]
Message-ID: <1495619453-22307-1-git-send-email-pablo@netfilter.org> (raw)
Hi,
The following patchset contains updates for the nf_tables set
infrastructure, specifically new infrastructure to select between
several set backend operation of one single type, a new fixed hashtable
set implementation and general performance improvements for the
hashtable set type:
1) Remove unnecessary forward declaration in nft_set_hash.
2) Do not lie to the set backend selection algorithm. If we don't know the
number of set elements, we cannot provide any size. We now have the
memory scalability notation to use it in this case.
3) Rename nft_hash_ to nft_rhash_ for the resizable hash implementation.
4) Pass set description to ->privsize, this is required by the new fixed
size hashtable implementation.
5) Add nft_hash_buckets() helper function to calculate the number of
hashtable buckets both for fixed and resizable hashtables.
6) Add infrastructure to select between several set backend variants,
so we can accomodate the fixed hashtable implementation in the
nf_tables hashtable set type.
7) Allow large allocation for new sets, the fixed size hashtable places
the bucket array in a flexible array, and its size may trigger memory
allocation failures via kmalloc(), thus, fall back to vmalloc().
8) Add faster fixed size hashtable implementation. ~10% faster than the
resizable hashtable, and this is just ~200 lines of code of a very
simple hashtable implementation.
9) Add faster 2-byte and 4-byte lookup function for fixed hashtable,
using the new set operation selection infrastructure.
Pablo Neira Ayuso (9):
netfilter: nft_set_hash: unnecessary forward declaration
netfilter: nf_tables: no size estimation if number of set elements is unknown
netfilter: nft_set_hash: use nft_rhash prefix for resizable set backend
netfilter: nf_tables: select set backend flavour depending on description
netfilter: nf_tables: pass set description to ->privsize
netfilter: nft_set_hash: add nft_hash_buckets()
netfilter: nf_tables: allow large allocations for new sets
netfilter: nft_set_hash: add non-resizable hashtable implementation
netfilter: nft_set_hash: add lookup variant for fixed size hashtable
include/net/netfilter/nf_tables.h | 29 ++-
net/netfilter/nf_tables_api.c | 80 ++++---
net/netfilter/nft_set_bitmap.c | 13 +-
net/netfilter/nft_set_hash.c | 471 +++++++++++++++++++++++++++++---------
net/netfilter/nft_set_rbtree.c | 21 +-
5 files changed, 457 insertions(+), 157 deletions(-)
--
2.1.4
next reply other threads:[~2017-05-24 9:51 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-24 9:50 Pablo Neira Ayuso [this message]
2017-05-24 9:50 ` [PATCH nf-next 1/9] netfilter: nft_set_hash: unnecessary forward declaration Pablo Neira Ayuso
2017-05-24 9:50 ` [PATCH nf-next 2/9] netfilter: nf_tables: no size estimation if number of set elements is unknown Pablo Neira Ayuso
2017-05-24 9:50 ` [PATCH nf-next 3/9] netfilter: nft_set_hash: use nft_rhash prefix for resizable set backend Pablo Neira Ayuso
2017-05-24 9:50 ` [PATCH nf-next 4/9] netfilter: nf_tables: select set backend flavour depending on description Pablo Neira Ayuso
2017-05-24 9:50 ` [PATCH nf-next 5/9] netfilter: nf_tables: pass set description to ->privsize Pablo Neira Ayuso
2017-05-24 9:50 ` [PATCH nf-next 6/9] netfilter: nft_set_hash: add nft_hash_buckets() Pablo Neira Ayuso
2017-05-24 9:50 ` [PATCH nf-next 7/9] netfilter: nf_tables: allow large allocations for new sets Pablo Neira Ayuso
2017-05-26 10:02 ` Liping Zhang
2017-05-26 10:18 ` Pablo Neira Ayuso
2017-05-26 10:33 ` Liping Zhang
2017-05-24 9:50 ` [PATCH nf-next 8/9] netfilter: nft_set_hash: add non-resizable hashtable implementation Pablo Neira Ayuso
2017-05-24 10:14 ` Pablo Neira Ayuso
2017-05-24 9:50 ` [PATCH nf-next 9/9] netfilter: nft_set_hash: add lookup variant for fixed size hashtable Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1495619453-22307-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).