From: Pablo Neira Ayuso <pablo@netfilter.org>
To: alexandre.ferrieux@orange.com
Cc: Florian Westphal <fw@strlen.de>, netfilter-devel@vger.kernel.org
Subject: Re: nfnetlink_queue -- why linear lookup ?
Date: Mon, 16 Aug 2021 13:19:52 +0200 [thread overview]
Message-ID: <20210816111952.GA13488@salvia> (raw)
In-Reply-To: <19560_1629111179_611A438B_19560_274_1_0633ee7a-2660-91b4-f1d7-adc727864376@orange.com>
On Mon, Aug 16, 2021 at 12:53:33PM +0200, alexandre.ferrieux@orange.com wrote:
>
>
> On 8/16/21 11:05 AM, Pablo Neira Ayuso wrote:
> > On Sun, Aug 15, 2021 at 08:47:04PM +0200, alexandre.ferrieux@orange.com wrote:
> > >
> > >
> > > [...] to maintain the hashtable, we need to bother the "normal" code path
> > > with hash_add/del. Not much, but still, some overhead...
> >
> > Probably you can collect some numbers to make sure this is not a
> > theoretical issue.
>
> 'k, will do :)
>
> > > Yes, a full spectrum of batching methods are possible. If we're to minimize
> > > the number of bytes crossing the kernel/user boundary though, an array of
> > > ids looks like the way to go (4 bytes per packet, assuming uint32 ids).
> >
> > Are you proposing a new batching mechanism?
>
> Well, the problem is backwards compatibility. Indeed I'd propose more
> flexible batching via an array of ids instead of a maxid. But the main added
> value of this flexibility is to enable reused-small-integers ids, like file
> descriptors. As long as the maxid API remains in place, this is impossible.
OK, I'll compare this to the sendmsg() call including several netlink
messages once you send your patch.
> > > That being said, the Doxygen of the userland nfqueue API mentions being
> > > DEPRECATED... So what is the recommended replacement ?
> >
> > What API are you refering to specifically?
>
> I'm referring to the nfq API documented here:
>
> https://www.netfilter.org/projects/libnetfilter_queue/doxygen/html/group__Queue.html
>
> It starts with "Queue handling [DEPRECATED]"...
libmnl is preferred these days, specifically for advanced stuff.
I've been getting reports from users about this old API: It is simple
enough and people don't have to deal with netlink details to get
packets from the kernel for simple stuff.
Probably we should turn this deprecation into using libmnl and the
helpers that libnetfilter_queue provides is recommended. Or translate
this old API to use libmnl behind the curtain.
next prev parent reply other threads:[~2021-08-16 11:20 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-13 11:55 nfnetlink_queue -- why linear lookup ? alexandre.ferrieux
2021-08-14 21:01 ` Florian Westphal
2021-08-14 21:05 ` alexandre.ferrieux
2021-08-14 21:12 ` Florian Westphal
2021-08-15 12:17 ` alexandre.ferrieux
2021-08-15 13:07 ` Pablo Neira Ayuso
2021-08-15 13:32 ` alexandre.ferrieux
2021-08-15 14:12 ` Pablo Neira Ayuso
2021-08-15 18:47 ` alexandre.ferrieux
2021-08-16 9:05 ` Pablo Neira Ayuso
2021-08-16 10:53 ` alexandre.ferrieux
2021-08-16 10:56 ` Florian Westphal
2021-08-16 11:07 ` alexandre.ferrieux
2021-08-16 11:19 ` Pablo Neira Ayuso [this message]
2021-08-16 11:42 ` Duncan Roe
2021-08-16 12:04 ` Duncan Roe
2021-08-16 16:10 ` Pablo Neira Ayuso
2021-08-16 16:15 ` Florian Westphal
2021-08-17 4:03 ` Duncan Roe
2021-08-15 13:33 ` alexandre.ferrieux
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210816111952.GA13488@salvia \
--to=pablo@netfilter.org \
--cc=alexandre.ferrieux@orange.com \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).