If you have a need for thousands of rules, for example if you have a lot of clients or computers, all with different QoS specifications, you may find that the kernel spends a lot of time matching all those rules.

By default, all filters reside in one big chain which is matched in descending order of priority. If you have 1000 rules, 1000 checks may be needed to determine what to do with a packet.

Matching would go much quicker if you would have 256 chains with each four rules - if you could divide packets over those 256 chains, so that the right rule will be there.

Hashing makes this possible. Let's say you have 1024 cable modem customers in your network, with IP addresses ranging from 1.2.0.0 to 1.2.3.255, and each has to go in another bin, for example 'lite', 'regular' and 'premium'. You would then have 1024 rules like this:

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.0 classid 1:1

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.1 classid 1:1

...

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.3.254 classid 1:3

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.3.255 classid 1:2

To speed this up, we can use the last part of the IP address as a 'hash key'. We then get 256 tables, the first of which looks like this:

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.0 classid 1:1

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.1.0 classid 1:1

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.2.0 classid 1:3

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.3.0 classid 1:2

The next one starts like this:

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.1 classid 1:1

...

This way, only four checks are needed at most, two on average.

Configuration is pretty complicated, but very worth it by the time you have this many rules. First we make a filter root, then we create a table with 256 entries:

# tc filter add dev eth1 parent 1:0 prio 5 protocol ip u32

# tc filter add dev eth1 parent 1:0 prio 5 handle 2: protocol ip u32 divisor 256

Now we add some rules to entries in the created table:

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.0.123 flowid 1:1

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.1.123 flowid 1:2

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.3.123 flowid 1:3

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.4.123 flowid 1:2

This is entry 123, which contains matches for 1.2.0.123, 1.2.1.123, 1.2.2.123, 1.2.3.123, and sends them to 1:1, 1:2, 1:3 and 1:2 respectively. Note that we need to specify our hash bucket in hex, 0x7b is 123.

Next create a 'hashing filter' that directs traffic to the right entry in the hashing table:

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 800:: \

        match ip src 1.2.0.0/16 \

        hashkey mask 0x000000ff at 12 \

        link 2:

Ok, some numbers need explaining. The default hash table is called 800:: and all filtering starts there. Then we select the source address, which lives as position 12, 13, 14 and 15 in the IP header, and indicate that we are only interested in the last part. This will be sent to hash table 2:, which we created earlier.

It is quite complicated, but it does work in practice and performance will be staggering. Note that this example could be improved to the ideal case where each chain contains 1 filter!

Hashing filters for very fast massive filtering的更多相关文章

  1. 基于Fast Bilateral Filtering 算法的 High-Dynamic Range(HDR) 图像显示技术。

    一.引言 本人初次接触HDR方面的知识,有描述不正确的地方烦请见谅. 为方便文章描述,引用部分百度中的文章对HDR图像进行简单的描述. 高动态范围图像(High-Dynamic Range,简称HDR ...

  2. Tone Mapping算法系列一:基于Fast Bilateral Filtering 算法的 High-Dynamic Range(HDR) 图像显示技术。

    一.引言 本人初次接触HDR方面的知识,有描述不正确的地方烦请见谅. 为方便文章描述,引用部分百度中的文章对HDR图像进行简单的描述. 高动态范围图像(High-Dynamic Range,简称HDR ...

  3. Optimizing shaper — hashing filters (HTB)

    I have a very nice shaper in my linux box :-) How the configurator works — it’s another question, he ...

  4. 阅读Real-Time O(1) Bilateral Filtering 一文的相关感受。

    研究双边滤波有很长一段时间了,最近看了一篇Real-Time O(1) Bilateral Filtering的论文,标题很吸引人,就研读了一番,经过几天的攻读,基本已理解其思想,现将这一过程做一简单 ...

  5. 编写 capture filters

    编写 capture filters 如有转载,请在转载前给我提一些建议.谢谢. 百度查不到资料,为无能的百度搜索增加点营养的料. 读 http://www.n-cg.net/CaptureFilte ...

  6. Gradle Goodness: Copy Files with Filtering

    Gradle Goodness: Copy Files with Filtering Gradle's copy task is very powerful and includes filterin ...

  7. CV code references

    转:http://www.sigvc.org/bbs/thread-72-1-1.html 一.特征提取Feature Extraction:   SIFT [1] [Demo program][SI ...

  8. CV codes代码分类整理合集 《转》

    from:http://www.sigvc.org/bbs/thread-72-1-1.html 一.特征提取Feature Extraction:   SIFT [1] [Demo program] ...

  9. [转]awsome c++

    原文链接 Awesome C++ A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny th ...

随机推荐

  1. C#get,set

    一直对get,set的理解只在文字上:get 属性访问器用于返回属性值,而 set 访问器用于分配新值.其实这样理解是有点狭隘的,尤其是对set.set应该可以理解为为成员分配新值时的处理,比如一个类 ...

  2. Matcher类:(转)

    Matcher类:     使用Matcher类,最重要的一个概念必须清楚:组(Group),在正则表达式中 ()定义了一个组,由于一个正则表达式可以包含很多的组,所以下面先说说怎么划分组的, 以及这 ...

  3. eclipse-mysql-tomcat搭建jspk开发环境

    ...本来不想写,刚刚给女朋友又安了一次发现几乎忘了,还是记一下吧.. 1.默认安装好jdk以及eclipse或相关ide. 2.检查jdk环境变量是否配置成功:cmd下输入 java -versio ...

  4. php连接ftp的研究,自带ftp函数 | fsockopen | curl实现ftp的连接

    持续更新中..............

  5. java之进制转换

    [转载]晨风�0�5�0�2�0�1�6�6 2014年03月08日 于 爱Java 发表 众所周知.程序世界计算机中采用的是二进制,一个数字可以用任意进制表示.所以看一个数据值的同时.还要观察它的进 ...

  6. java引用类型

      java数据类型图: java的数据类型分基本数据类型(原始数据类型)和引用数据类型:1.基本八大类,图中可以很清楚的看到:这种类型的数据变量在声明之后java就会立刻分配给他内存空间.如:sho ...

  7. 2.精通前端系列技术之seajs和gruntJs结合开发(三)

    1.我们先来了解下模块化历史 模块化历史 nodeJS的出现(http://nodejs.org/) commonJS规范(http://www.commonjs.org/) 浏览器JS的模块化? A ...

  8. SharePoint 列表应用实例 - 显示约束

    博客地址:http://blog.csdn.net/FoxDave 有时会碰到这样的需求,比如上传周报到文档库,周报只能领导和自己看到,其他同事是看不到的.通常我们开发的人遇到这种情况条件反射地想到的 ...

  9. C# MP3文件属性读取

    using (TempFile tempFile = new TempFile()) { using (FileStream fs = new FileStream(tempFile.FileName ...

  10. HTML5实战教程———开发一个简单漂亮的登录页面

    最近看过几个基于HTML5开发的移动应用,比如臭名昭著的12036移动客户端就是主要使用HTML5来实现的,虽然还是有点反应迟钝,但已经比较流畅了,相信随着智能手机的配置越来越高性能越来越好,会越来越 ...