bugzilla-daemon at netfilter.org
2020-May-02 12:04 UTC
[Bug 1426] New: Inefficient command lookup on errors
https://bugzilla.netfilter.org/show_bug.cgi?id=1426
Bug ID: 1426
Summary: Inefficient command lookup on errors
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: makovick at gmail.com
Created attachment 592
--> https://bugzilla.netfilter.org/attachment.cgi?id=592&action=edit
nft_netlink error path speedup patch
When nft_netlink() encounters an error, it looks up the offending command in
the command list, always starting from the list head. With long
machine-generated nftables containing errors, this can take a very long time,
giving the impression that nft locked up.
Because the command seqnums in the command list are monotonic, and so are
usually the error seqnums, this performance issue can be easily mitigated by
resetting the search position to the command list head only if the error seqnum
decreases.
--
You are receiving this mail because:
You are watching all bug changes.
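The lookup strategy described in the report above, as an added example that is not part of the original report and is not the nftables patch or source. struct cmd, build_list(), lookup_from_head(), lookup_resume() and the visited counter are hypothetical names used only for illustration; the command list is constructed input.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a queued command; only the seqnum matters here. */
struct cmd { uint32_t seqnum; struct cmd *next; };

static unsigned long visited; /* nodes touched, to compare both strategies */

/* Link pool[0..n-1] into a list with seqnums 1..n (constructed input). */
static struct cmd *build_list(struct cmd *pool, uint32_t n)
{
    for (uint32_t i = 0; i < n; i++) {
        pool[i].seqnum = i + 1;
        pool[i].next = (i + 1 < n) ? &pool[i + 1] : NULL;
    }
    return n ? pool : NULL;
}

/* Behaviour described in the report: every error rescans from the head. */
static struct cmd *lookup_from_head(struct cmd *head, uint32_t seqnum)
{
    for (struct cmd *c = head; c; c = c->next) {
        visited++;
        if (c->seqnum == seqnum)
            return c;
    }
    return NULL;
}

/* Proposed mitigation: keep a cursor, rewind only if the seqnum decreased. */
static struct cmd *lookup_resume(struct cmd *head, struct cmd **cursor,
                                 uint32_t *last_seq, uint32_t seqnum)
{
    if (!*cursor || seqnum < *last_seq)
        *cursor = head;
    *last_seq = seqnum;
    for (; *cursor; *cursor = (*cursor)->next) {
        visited++;
        if ((*cursor)->seqnum == seqnum)
            return *cursor;
    }
    return NULL;
}
```

With one error per command over 1000 commands, the head scan touches 500500 nodes while the resumable scan touches 1999; a repeated or out-of-order seqnum is still resolved correctly because the cursor rewinds to the head.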
bugzilla-daemon at netfilter.org
2020-May-02 14:33 UTC
[Bug 1426] Inefficient command lookup on errors
https://bugzilla.netfilter.org/show_bug.cgi?id=1426
Jindřich Makovička <makovick at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #592 is obsolete|0 |1
--- Comment #1 from Jindřich Makovička <makovick at gmail.com> ---
Created attachment 593
--> https://bugzilla.netfilter.org/attachment.cgi?id=593&action=edit
nft_netlink error path speedup patch
bugzilla-daemon at netfilter.org
2020-Jul-31 21:27 UTC
[Bug 1426] Inefficient command lookup on errors
https://bugzilla.netfilter.org/show_bug.cgi?id=1426
Jindřich Makovička <makovick at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #593 is obsolete|0 |1
--- Comment #2 from Jindřich Makovička <makovick at gmail.com> ---
Created attachment 601
--> https://bugzilla.netfilter.org/attachment.cgi?id=601&action=edit
nft_netlink error path speedup patch
bugzilla-daemon at netfilter.org
2020-Aug-27 03:37 UTC
[Bug 1426] Inefficient command lookup on errors
https://bugzilla.netfilter.org/show_bug.cgi?id=1426
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
bugzilla-daemon at netfilter.org
2020-Sep-21 23:27 UTC
[Bug 1426] Inefficient command lookup on errors
https://bugzilla.netfilter.org/show_bug.cgi?id=1426
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Patch is applied, thanks.
I observe a real gain (much faster speedup) if
    struct {
            uint16_t offset;
            struct location *location;
    } attr[NFT_NLATTR_LOC_MAX];
bugzilla-daemon at netfilter.org
2020-Sep-21 23:29 UTC
[Bug 1426] Inefficient command lookup on errors
https://bugzilla.netfilter.org/show_bug.cgi?id=1426
--- Comment #4 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Patch is applied, thanks.
I observe a real gain (much faster speedup) if
    struct {
            uint16_t offset;
            struct location *location;
    } attr[NFT_NLATTR_LOC_MAX];
in struct cmd is translated to use a hashtable, probably using the command
sequence number and the offset as key and importing the jhash() into the tree
(like in the conntrack-tools).