ip_conntrack_hash() problem

From: Martin Wilck (Martin.Wilck@Fujitsu-Siemens.com)
Date: Wed Sep 04 2002 - 07:33:41 EST


Hi,

I posted a patch to netfilter-devel a week ago that fixes a severe
performance problem with ip_conntrack_hash() (see below).
Harald rejected it (sort of), telling me I should have read past threads
about the hash function first.

http://marc.theaimsgroup.com/?l=netfilter-devel&m=103054090215896&w=2

I think I have to insist on this, though.

Although it certainly isn't the "optimal" hash function for
ip_conntrack, it fixes a problem that leads to extremely unbalanced
hashing in some situations, in particular in a simple
client<->router<->webserver scenario.

In that case, all connection tuples from server to client, i.e. 50% of
all tuples, end up in the same bucket(!), as I showed in my posting to
netfilter-devel.

This happens if the hash size is a power of 2, which is the default on
most newer machines.

The fix is rather trivial (mainly the port numbers are accounted for
outside the ntohl() function), and therefore I'd like to ask again that
it be applied.

Unless I am mistaken, the past discussions were mainly concerned with
fine-tuning of the hash function, which is a topic my patch doesn't
address, and can easily be done on top of it.

Regards,
Martin

-- 
Martin Wilck                Phone: +49 5251 8 15113
Fujitsu Siemens Computers   Fax:   +49 5251 8 20409
Heinz-Nixdorf-Ring 1	    mailto:Martin.Wilck@Fujitsu-Siemens.com
D-33106 Paderborn           http://www.fujitsu-siemens.com/primergy

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Sep 07 2002 - 22:00:21 EST