Portal:DeveloperDocs/set internals: Difference between revisions
Jump to navigation
Jump to search
(Removed redundant text from intro section.) |
(→Available nft_set_types: Added columns: # concatenated fields, variable # elements, expression support) |
||
| Line 8: | Line 8: | ||
! rowspan="2" | ''nft_set_types[]'' order | ! rowspan="2" | ''nft_set_types[]'' order | ||
! colspan="2" | ''nft_set_estimate NFT_SET_CLASS_[order]'' | ! colspan="2" | ''nft_set_estimate NFT_SET_CLASS_[order]'' | ||
! rowspan="2" | # Concatenated fields | |||
! rowspan="2" | Variable # elements | |||
! rowspan="2" | ''NFT_SET_INTERVAL'' | ! rowspan="2" | ''NFT_SET_INTERVAL'' | ||
! rowspan="2" | ''NFT_SET_MAP'' | ! rowspan="2" | ''NFT_SET_MAP'' | ||
| Line 13: | Line 15: | ||
! rowspan="2" | ''NFT_SET_OBJECT'' | ! rowspan="2" | ''NFT_SET_OBJECT'' | ||
! rowspan="2" | ''NFT_SET_EVAL'' | ! rowspan="2" | ''NFT_SET_EVAL'' | ||
! rowspan="2" | Expression support | |||
! rowspan="2" | Notes | ! rowspan="2" | Notes | ||
| Line 24: | Line 27: | ||
| ''O_1'' | | ''O_1'' | ||
| ''O_N'' | | ''O_N'' | ||
| | |||
| {{no}} | |||
| {{no}} | | {{no}} | ||
| {{yes}} | | {{yes}} | ||
| Line 30: | Line 35: | ||
| {{no}} | | {{no}} | ||
| | | | ||
| klen != 4 | |||
|- | |- | ||
| Line 36: | Line 42: | ||
| ''O_1'' | | ''O_1'' | ||
| ''O_N'' | | ''O_N'' | ||
| | |||
| {{no}} | |||
| {{no}} | | {{no}} | ||
| {{yes}} | | {{yes}} | ||
| Line 42: | Line 50: | ||
| {{no}} | | {{no}} | ||
| | | | ||
| klen != 4 | |||
|- | |- | ||
| Line 48: | Line 57: | ||
| ''O_1'' | | ''O_1'' | ||
| ''O_N'' | | ''O_N'' | ||
| | |||
| {{yes}} | |||
| {{no}} | | {{no}} | ||
| {{yes}} | | {{yes}} | ||
| Line 53: | Line 64: | ||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| | |||
| | | | ||
| Line 60: | Line 72: | ||
| ''O_1'' | | ''O_1'' | ||
| ''O_1'' | | ''O_1'' | ||
| | |||
| {{yes}} | |||
| {{no}} | |||
| {{no}} | | {{no}} | ||
| {{no}} | | {{no}} | ||
| Line 65: | Line 80: | ||
| {{no}} | | {{no}} | ||
| {{no}} | | {{no}} | ||
| | | klen <= 2 | ||
|- | |- | ||
| Line 72: | Line 87: | ||
| ''O_LOG_N'' | | ''O_LOG_N'' | ||
| ''O_N'' | | ''O_N'' | ||
| 0 - 1 | |||
| {{yes}} | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| Line 78: | Line 95: | ||
| {{no}} | | {{no}} | ||
| | | | ||
| | |||
|- | |- | ||
| Line 84: | Line 102: | ||
| ''O_LOG_N'' | | ''O_LOG_N'' | ||
| ''O_N'' | | ''O_N'' | ||
| >= 2 | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} (Mandatory) | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| {{no}} | | {{no}} | ||
| | |||
| | | | ||
| Line 96: | Line 117: | ||
| ''O_LOG_N'' | | ''O_LOG_N'' | ||
| ''O_N'' | | ''O_N'' | ||
| >= 2 | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} (Mandatory) | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| {{no}} | | {{no}} | ||
| | |||
| | | | ||
Revision as of 18:55, 5 March 2021
The nftables generalized set infrastructure includes multiple set implementations. The implementation chosen for a given set depends on required set features and operations, and on estimated element lookup time and set memory requirements.
Available nft_set_types
| nft_set_type | nft_set_types[] order | nft_set_estimate NFT_SET_CLASS_[order] | # Concatenated fields | Variable # elements | NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_TIMEOUT | NFT_SET_OBJECT | NFT_SET_EVAL | Expression support | Notes | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| .lookup | .space | |||||||||||
| nft_set_hash_fast_type | 0 | O_1 | O_N | No | No | Yes | No | Yes | No | klen != 4 | ||
| nft_set_hash_type | 1 | O_1 | O_N | No | No | Yes | No | Yes | No | klen != 4 | ||
| nft_set_rhash_type | 2 | O_1 | O_N | Yes | No | Yes | Yes | Yes | Yes | |||
| nft_set_bitmap_type | 3 | O_1 | O_1 | Yes | No | No | No | No | No | No | klen <= 2 | |
| nft_set_rbtree_type | 4 | O_LOG_N | O_N | 0 - 1 | Yes | Yes | Yes | Yes | Yes | No | ||
| nft_set_pipapo_avx2_type | 5 | O_LOG_N | O_N | >= 2 | Yes | Yes (Mandatory) | Yes | Yes | Yes | No | ||
| nft_set_pipapo_type | 6 | O_LOG_N | O_N | >= 2 | Yes | Yes (Mandatory) | Yes | Yes | Yes | No | ||
- nft_set_estimate .lookup and .space are in terms of enum nft_set_class, defined in nf_tables.h:
enum nft_set_class {
NFT_SET_CLASS_O_1,
NFT_SET_CLASS_O_LOG_N,
NFT_SET_CLASS_O_N,
};- nft_select_set_ops() in nf_tables_api.c: chooses which nft_set_type to use. For sets with default performance policy it chooses lower .lookup; for sets with memory policy it chooses lower .space.
- When choosing between two nft_set_types with the same .lookup and .space, nft_select_set_ops() chooses the type that appears first in nft_set_types[].
Hash implementations
Bitmap implementation
nft_set_bitmap.c - contains good documentation
Red-black tree implementation
PIPAPO implementations
- nft_set_pipapo.c - contains excellent documentation
- nft_set_pipapo_avx2.c
PIPAPO is loosely inspired by the Grouper network packet classification algorithm.