Always prefer the avx2 implementation if it's available.
This greatly improves insertion performance (each insertion
checks if the new element would overlap with an existing one):

  time nft -f - <<EOF
  table ip pipapo {
  	set s {
  		typeof ip saddr . tcp dport
  		flags interval
  		size 800000
  		elements = { 10.1.1.1 - 10.1.1.4 . 3996,
  [.. 800k entries elided .. ]

before:
real    1m55.993s
user    0m2.505s
sys     1m53.296s

after:
real    0m42.586s
user    0m2.554s
sys     0m39.811s

First patch does some refactoring so the common part can be reused
for both packetpath and control plane.
Second patch alters control plane to use avx2.

Florian Westphal (2):
  netfilter: nft_set_pipapo_avx2: split lookup function in two parts
  netfilter: nft_set_pipapo: use avx2 algorithm for insertions too

 net/netfilter/nft_set_pipapo.c      |  47 ++++++++--
 net/netfilter/nft_set_pipapo_avx2.c | 127 +++++++++++++++++-----------
 net/netfilter/nft_set_pipapo_avx2.h |   4 +
 3 files changed, 122 insertions(+), 56 deletions(-)

-- 
2.49.1