Portal:DeveloperDocs/set internals: Difference between revisions
Jump to navigation
Jump to search
(Added intro and (stub) algorithm sections.) |
(→NFT_SET_FEATURES of available nft_set_types: Added nft_set_estimate .lookup and .space columns) |
||
| Line 1: | Line 1: | ||
The nftables generalized set infrastructure includes multiple set implementations. ''nft_select_set_ops()'' in [https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git/tree/net/netfilter/nf_tables_api.c nf_tables_api.c] chooses the implementation depending on required set features and operations, and on estimated lookup time and memory requirements in combination with user-specified set policy (''performance'' or ''memory''). | The nftables generalized set infrastructure includes multiple set implementations. ''nft_select_set_ops()'' in [https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git/tree/net/netfilter/nf_tables_api.c nf_tables_api.c] chooses the implementation depending on required set features and operations, and on estimated lookup time and memory requirements in combination with user-specified set policy (''performance'' or ''memory''). | ||
== | == Available nft_set_types == | ||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
! ''nft_set_type'' | ! rowspan="2" | ''nft_set_type'' | ||
! ''nft_set_types[]'' order | ! rowspan="2" | ''nft_set_types[]'' order | ||
! ''NFT_SET_INTERVAL'' | ! colspan="2" | ''nft_set_estimate NFT_SET_CLASS_[order]'' | ||
! ''NFT_SET_MAP'' | ! rowspan="2" | ''NFT_SET_INTERVAL'' | ||
! ''NFT_SET_TIMEOUT'' | ! rowspan="2" | ''NFT_SET_MAP'' | ||
! ''NFT_SET_OBJECT'' | ! rowspan="2" | ''NFT_SET_TIMEOUT'' | ||
! ''NFT_SET_EVAL'' | ! rowspan="2" | ''NFT_SET_OBJECT'' | ||
! Notes | ! rowspan="2" | ''NFT_SET_EVAL'' | ||
! rowspan="2" | Notes | |||
|- | |||
! ''.lookup'' | |||
! ''.space'' | |||
|- | |- | ||
! {{rh}} | ''nft_set_hash_fast_type'' | ! {{rh}} | ''nft_set_hash_fast_type'' | ||
| 0 | | 0 | ||
| ''O_1'' | |||
| ''O_N'' | |||
| {{no}} | | {{no}} | ||
| {{yes}} | | {{yes}} | ||
| Line 27: | Line 34: | ||
! {{rh}} | ''nft_set_hash_type'' | ! {{rh}} | ''nft_set_hash_type'' | ||
| 1 | | 1 | ||
| ''O_1'' | |||
| ''O_N'' | |||
| {{no}} | | {{no}} | ||
| {{yes}} | | {{yes}} | ||
| Line 37: | Line 46: | ||
! {{rh}} | ''nft_set_rhash_type'' | ! {{rh}} | ''nft_set_rhash_type'' | ||
| 2 | | 2 | ||
| ''O_1'' | |||
| ''O_N'' | |||
| {{no}} | | {{no}} | ||
| {{yes}} | | {{yes}} | ||
| Line 47: | Line 58: | ||
! {{rh}} | ''nft_set_bitmap_type'' | ! {{rh}} | ''nft_set_bitmap_type'' | ||
| 3 | | 3 | ||
| ''O_1'' | |||
| ''O_1'' | |||
| {{no}} | | {{no}} | ||
| {{no}} | | {{no}} | ||
| Line 57: | Line 70: | ||
! {{rh}} | ''nft_set_rbtree_type'' | ! {{rh}} | ''nft_set_rbtree_type'' | ||
| 4 | | 4 | ||
| ''O_LOG_N'' | |||
| ''O_N'' | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| Line 67: | Line 82: | ||
! {{rh}} | ''nft_set_pipapo_avx2_type'' | ! {{rh}} | ''nft_set_pipapo_avx2_type'' | ||
| 5 | | 5 | ||
| ''O_LOG_N'' | |||
| ''O_N'' | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
| Line 77: | Line 94: | ||
! {{rh}} | ''nft_set_pipapo_type'' | ! {{rh}} | ''nft_set_pipapo_type'' | ||
| 6 | | 6 | ||
| ''O_LOG_N'' | |||
| ''O_N'' | |||
| {{yes}} | | {{yes}} | ||
| {{yes}} | | {{yes}} | ||
Revision as of 22:19, 4 March 2021
The nftables generalized set infrastructure includes multiple set implementations. nft_select_set_ops() in nf_tables_api.c chooses the implementation depending on required set features and operations, and on estimated lookup time and memory requirements in combination with user-specified set policy (performance or memory).
Available nft_set_types
| nft_set_type | nft_set_types[] order | nft_set_estimate NFT_SET_CLASS_[order] | NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_TIMEOUT | NFT_SET_OBJECT | NFT_SET_EVAL | Notes | |
|---|---|---|---|---|---|---|---|---|---|
| .lookup | .space | ||||||||
| nft_set_hash_fast_type | 0 | O_1 | O_N | No | Yes | No | Yes | No | |
| nft_set_hash_type | 1 | O_1 | O_N | No | Yes | No | Yes | No | |
| nft_set_rhash_type | 2 | O_1 | O_N | No | Yes | Yes | Yes | Yes | |
| nft_set_bitmap_type | 3 | O_1 | O_1 | No | No | No | No | No | |
| nft_set_rbtree_type | 4 | O_LOG_N | O_N | Yes | Yes | Yes | Yes | No | |
| nft_set_pipapo_avx2_type | 5 | O_LOG_N | O_N | Yes | Yes | Yes | Yes | No | |
| nft_set_pipapo_type | 6 | O_LOG_N | O_N | Yes | Yes | Yes | Yes | No | |
If two nft_set_types have the same estimated lookup time and same estimated space requirement, nft_select_set_ops() chooses the type that appears first in nft_set_types[].
Hash implementations
Bitmap implementation
nft_set_bitmap.c - contains good documentation
Red-black tree implementation
PIPAPO implementations
- nft_set_pipapo.c - contains excellent documentation
- nft_set_pipapo_avx2.c
PIPAPO is loosely inspired by the Grouper network packet classification algorithm.