| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250820230445.05f5029f@elisabeth>
Date: Wed, 20 Aug 2025 23:04:45 +0200
From: Stefano Brivio <sbrivio@...hat.com>
To: Sebastian Andrzej Siewior <bigeasy@...utronix.de>
Cc: Florian Westphal <fw@...len.de>, netdev@...r.kernel.org, Paolo Abeni
<pabeni@...hat.com>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet
<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
netfilter-devel@...r.kernel.org, pablo@...filter.org
Subject: Re: [PATCH net-next 5/6] netfilter: nft_set_pipapo: Store real
pointer, adjust later.
On Wed, 20 Aug 2025 18:34:51 +0200
Stefano Brivio <sbrivio@...hat.com> wrote:
> On Wed, 20 Aug 2025 18:29:25 +0200
> Sebastian Andrzej Siewior <bigeasy@...utronix.de> wrote:
>
> > On 2025-08-20 18:15:36 [+0200], Stefano Brivio wrote:
> > > > As far as I remember the alignment code expects that the "hole" at the
> > > > begin does not exceed a certain size and the lock there exceeds it.
> > >
> > > I think you're right. But again, the alignment itself should be fast,
> > > that's not what I'm concerned about.
> >
> > Are we good are do you want me to do the performance check, that you
> > suggested?
>
> I think it would be good if you could give that a try (I don't have a
> stable setup to run that at hand right now, sorry). It shouldn't take
> long.
Never mind, I just found a moment to run that for you. Before your
change (net-next a couple of weeks old -- I didn't realise that Florian
introduced a 'nft_concat_range_perf.sh' meanwhile):
---
# ./nft_concat_range_perf.sh
TEST: performance
net,port 28s [ OK ]
baseline (drop from netdev hook): 26079726pps
baseline hash (non-ranged entries): 18795587pps
baseline rbtree (match on first field only): 9461059pps
set with 1000 full, ranged entries: 14358957pps
port,net 22s [ OK ]
baseline (drop from netdev hook): 26183255pps
baseline hash (non-ranged entries): 18738336pps
baseline rbtree (match on first field only): 12578272pps
set with 100 full, ranged entries: 15277135pps
net6,port 28s [ OK ]
baseline (drop from netdev hook): 25094125pps
baseline hash (non-ranged entries): 17011489pps
baseline rbtree (match on first field only): 6964647pps
set with 1000 full, ranged entries: 11721714pps
port,proto 304s [ OK ]
baseline (drop from netdev hook): 26174580pps
baseline hash (non-ranged entries): 19252254pps
baseline rbtree (match on first field only): 8516771pps
set with 30000 full, ranged entries: 6064576pps
net6,port,mac 23s [ OK ]
baseline (drop from netdev hook): 24996893pps
baseline hash (non-ranged entries): 14526917pps
baseline rbtree (match on first field only): 12596905pps
set with 10 full, ranged entries: 12089867pps
net6,port,mac,proto 35s [ OK ]
baseline (drop from netdev hook): 24874223pps
baseline hash (non-ranged entries): 14352580pps
baseline rbtree (match on first field only): 6884754pps
set with 1000 full, ranged entries: 8787067pps
net,mac 29s [ OK ]
baseline (drop from netdev hook): 25956434pps
baseline hash (non-ranged entries): 17166976pps
baseline rbtree (match on first field only): 9423341pps
set with 1000 full, ranged entries: 12150579pps
---
after your change:
---
# ./nft_concat_range_perf.sh
TEST: performance
net,port 27s [ OK ]
baseline (drop from netdev hook): 27212033pps
baseline hash (non-ranged entries): 19494836pps
baseline rbtree (match on first field only): 9669798pps
set with 1000 full, ranged entries: 14931543pps
port,net 23s [ OK ]
baseline (drop from netdev hook): 27085267pps
baseline hash (non-ranged entries): 19642549pps
baseline rbtree (match on first field only): 12852031pps
set with 100 full, ranged entries: 15882440pps
net6,port 29s [ OK ]
baseline (drop from netdev hook): 26134468pps
baseline hash (non-ranged entries): 17732410pps
baseline rbtree (match on first field only): 7044812pps
set with 1000 full, ranged entries: 11670109pps
port,proto 300s [ OK ]
baseline (drop from netdev hook): 27227915pps
baseline hash (non-ranged entries): 20266609pps
baseline rbtree (match on first field only): 8662566pps
set with 30000 full, ranged entries: 6147235pps
net6,port,mac 23s [ OK ]
baseline (drop from netdev hook): 26001705pps
baseline hash (non-ranged entries): 15448524pps
baseline rbtree (match on first field only): 12867457pps
set with 10 full, ranged entries: 12140558pps
net6,port,mac,proto 34s [ OK ]
baseline (drop from netdev hook): 25485866pps
baseline hash (non-ranged entries): 14794412pps
baseline rbtree (match on first field only): 6929897pps
set with 1000 full, ranged entries: 8754555pps
net,mac 28s [ OK ]
baseline (drop from netdev hook): 27095870pps
baseline hash (non-ranged entries): 17848010pps
baseline rbtree (match on first field only): 9576292pps
set with 1000 full, ranged entries: 12568702pps
---
it's a single run and not exactly from the same baseline (you see that
the baseline actually improved), but I'd say it's enough to be
confident that the change doesn't affect matching rate significantly,
so:
Reviewed-by: Stefano Brivio <sbrivio@...hat.com>
...thanks for making this simpler!
--
Stefano
Powered by blists - more mailing lists