From: Patrick McHardy <kaber@trash.net>
To: jdb@comx.dk
Cc: Netfilter Developers <netfilter-devel@vger.kernel.org>,
Harald Welte <laforge@netfilter.org>,
Martin Josefsson <gandalf@netfilter.org>
Subject: Re: [PATCH 3/3] Solving scalability issue: for chain list "name" searching.
Date: Tue, 15 Jan 2008 18:18:48 +0100 [thread overview]
Message-ID: <478CEAF8.5020509@trash.net> (raw)
In-Reply-To: <1198245030.23885.17.camel@localhost.localdomain>
Jesper Dangaard Brouer wrote:
> Solving scalability issue: for chain list "name" searching.
> Functions: iptcc_find_label(), iptc_is_chain().
>
> Testing if a chain exist, requires a linearly walk of linked list with
> chain-names (doing a strcmp(3) in each step). Giving a worst-case
> runtime of O(n) where n is the number of chains.
>
> Why is this important to fix?! If only called once, this should not be
> a big concern, even-though the string compares are expensive.
>
> The performance issue arise with many chains for example; when using
> "iptables-restore", or when listing all "iptables -nL" rules, or when
> using CPAN IPTables::libiptc.
>
> Having 50k chains, the rule listing, with the command:
> "./iptables -nL > /dev/null",
> Without patch it takes approximately 5 minutes,
> With the patch it takes 0.5 seconds.
>
> Listing without patch:
> real 4m49.426s
> user 4m37.993s
> sys 0m0.280s
>
> Listing with patch:
> real 0m0.558s
> user 0m0.484s
> sys 0m0.064s
>
> How is it solved?!
>
> The issue is solved introducing a new data structure, that allow us to
> do binary search of chain names. Thus, reducing the worst-case runtime
> to O(log n).
>
> Being more specific:
>
> The new data structure is called "chain index", which is an array with
> pointers into the chain list, with CHAIN_INDEX_BUCKET_LEN spacing.
> This facilitates the ability to speedup chain list searching, by find
> a more optimal starting points when searching the linked list.
>
> The runtime complexity is actually also affected by this "bucket" size
> concept. Thus, O(log(n/k) + k) where k is CHAIN_INDEX_BUCKET_LEN.
>
> A nice property of the chain index, is that the "bucket" list
> length is max CHAIN_INDEX_BUCKET_LEN (when just build, inserts will
> change this). Oppose to hashing, where the "bucket" list length can
> vary a lot.
>
> Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
This looks fine and survives some basic testing, so I've applied it.
Thanks a lot Jesper.
prev parent reply other threads:[~2008-01-15 17:18 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-12-21 13:44 [PATCH 0/3] Solve scalability issue for chain list "name" searching Jesper Dangaard Brouer
2007-12-21 13:46 ` [PATCH 1/3] Inline functions iptcc_is_builtin() and set_changed() Jesper Dangaard Brouer
2008-01-15 17:01 ` Patrick McHardy
2007-12-21 13:47 ` [PATCH 2/3] Introduce a counter for number of user defined chains Jesper Dangaard Brouer
2008-01-15 17:06 ` Patrick McHardy
2007-12-21 13:50 ` [PATCH 3/3] Solving scalability issue: for chain list "name" searching Jesper Dangaard Brouer
2008-01-15 17:18 ` Patrick McHardy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=478CEAF8.5020509@trash.net \
--to=kaber@trash.net \
--cc=gandalf@netfilter.org \
--cc=jdb@comx.dk \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).