If you have a need for thousands of rules, for example if you have a lot of clients or computers, all with different QoS specifications, you may find that the kernel spends a lot of time matching all those rules.

By default, all filters reside in one big chain which is matched in descending order of priority. If you have 1000 rules, 1000 checks may be needed to determine what to do with a packet.

Matching would go much quicker if you would have 256 chains with each four rules - if you could divide packets over those 256 chains, so that the right rule will be there.

Hashing makes this possible. Let's say you have 1024 cable modem customers in your network, with IP addresses ranging from 1.2.0.0 to 1.2.3.255, and each has to go in another bin, for example 'lite', 'regular' and 'premium'. You would then have 1024 rules like this:

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.0 classid 1:1

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.1 classid 1:1

...

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.3.254 classid 1:3

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.3.255 classid 1:2

To speed this up, we can use the last part of the IP address as a 'hash key'. We then get 256 tables, the first of which looks like this:

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.0 classid 1:1

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.1.0 classid 1:1

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.2.0 classid 1:3

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.3.0 classid 1:2

The next one starts like this:

# tc filter add dev eth1 parent 1:0 protocol ip prio 100 match ip src \

  1.2.0.1 classid 1:1

...

This way, only four checks are needed at most, two on average.

Configuration is pretty complicated, but very worth it by the time you have this many rules. First we make a filter root, then we create a table with 256 entries:

# tc filter add dev eth1 parent 1:0 prio 5 protocol ip u32

# tc filter add dev eth1 parent 1:0 prio 5 handle 2: protocol ip u32 divisor 256

Now we add some rules to entries in the created table:

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.0.123 flowid 1:1

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.1.123 flowid 1:2

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.3.123 flowid 1:3

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 2:7b: \

        match ip src 1.2.4.123 flowid 1:2

This is entry 123, which contains matches for 1.2.0.123, 1.2.1.123, 1.2.2.123, 1.2.3.123, and sends them to 1:1, 1:2, 1:3 and 1:2 respectively. Note that we need to specify our hash bucket in hex, 0x7b is 123.

Next create a 'hashing filter' that directs traffic to the right entry in the hashing table:

# tc filter add dev eth1 protocol ip parent 1:0 prio 5 u32 ht 800:: \

        match ip src 1.2.0.0/16 \

        hashkey mask 0x000000ff at 12 \

        link 2:

Ok, some numbers need explaining. The default hash table is called 800:: and all filtering starts there. Then we select the source address, which lives as position 12, 13, 14 and 15 in the IP header, and indicate that we are only interested in the last part. This will be sent to hash table 2:, which we created earlier.

It is quite complicated, but it does work in practice and performance will be staggering. Note that this example could be improved to the ideal case where each chain contains 1 filter!

Hashing filters for very fast massive filtering的更多相关文章

  1. 基于Fast Bilateral Filtering 算法的 High-Dynamic Range(HDR) 图像显示技术。

    一.引言 本人初次接触HDR方面的知识,有描述不正确的地方烦请见谅. 为方便文章描述,引用部分百度中的文章对HDR图像进行简单的描述. 高动态范围图像(High-Dynamic Range,简称HDR ...

  2. Tone Mapping算法系列一:基于Fast Bilateral Filtering 算法的 High-Dynamic Range(HDR) 图像显示技术。

    一.引言 本人初次接触HDR方面的知识,有描述不正确的地方烦请见谅. 为方便文章描述,引用部分百度中的文章对HDR图像进行简单的描述. 高动态范围图像(High-Dynamic Range,简称HDR ...

  3. Optimizing shaper — hashing filters (HTB)

    I have a very nice shaper in my linux box :-) How the configurator works — it’s another question, he ...

  4. 阅读Real-Time O(1) Bilateral Filtering 一文的相关感受。

    研究双边滤波有很长一段时间了,最近看了一篇Real-Time O(1) Bilateral Filtering的论文,标题很吸引人,就研读了一番,经过几天的攻读,基本已理解其思想,现将这一过程做一简单 ...

  5. 编写 capture filters

    编写 capture filters 如有转载,请在转载前给我提一些建议.谢谢. 百度查不到资料,为无能的百度搜索增加点营养的料. 读 http://www.n-cg.net/CaptureFilte ...

  6. Gradle Goodness: Copy Files with Filtering

    Gradle Goodness: Copy Files with Filtering Gradle's copy task is very powerful and includes filterin ...

  7. CV code references

    转:http://www.sigvc.org/bbs/thread-72-1-1.html 一.特征提取Feature Extraction:   SIFT [1] [Demo program][SI ...

  8. CV codes代码分类整理合集 《转》

    from:http://www.sigvc.org/bbs/thread-72-1-1.html 一.特征提取Feature Extraction:   SIFT [1] [Demo program] ...

  9. [转]awsome c++

    原文链接 Awesome C++ A curated list of awesome C++ (or C) frameworks, libraries, resources, and shiny th ...

随机推荐

  1. mysql 忘记root密码修改方法

    先将mysql安装bin目录(例如:c:xxx\xxx\mysql\bin  加入环境变量) 1.在命令行窗口下输入net stop mysql5 或 net stop mysql 2.开一个命令行窗 ...

  2. Java:一个简单的Java应用程序

    /** * 这是文档注释 * @version  * @author  */ /* 这之间的内容也是注释 */ //这是行注释 public class FirstSample { public st ...

  3. HDU 5768 中国剩余定理

    题目链接:Lucky7 题意:求在l和r范围内,满足能被7整除,而且不满足任意一组,x mod p[i] = a[i]的数的个数. 思路:容斥定理+中国剩余定理+快速乘法. (奇+ 偶-) #incl ...

  4. 使用Linq快速的操作XML

    开始内容之前先分享一段话 有时候,当你知道要做什么的时候就做的很快,比如你要实现个功能,码字的活儿不算很难,做个检索也不会有什么难倒你的.但是,做着做着,你发现好像世界上的工作都在重复,于是你有种心要 ...

  5. spring MVC 详细入门

    移步到这里:http://www.admin10000.com/document/6436.html

  6. PowerMock遇到的问题——3

    在用WhiteBox调用对象的私有方法时,如果要传的参数为空,如果直接在参数列表中写null的话,可能会报空指针异常,可以定义一个变量使他等于空,再把变量传进去就可以了.

  7. Java中断言的使用(转)

    相信学过c,c++的朋友一定不会对断言感到陌生.下面介绍一下断言在JAVA中的使用,JAVA是从JDK1.4才开始支持断言的(添加了关键字assert),请注意老版的JRE不支持. 断言概述 编写代码 ...

  8. 在linux终端下打开pdf文件

    已经使用linux有很长的时间了,感觉linux的终端使用起来非常的方便.但是怎么在linux下用命令的方式打开pdf文件呢.我查了一下,打开pdf的命令是: evince [filename] 例如 ...

  9. CSU 1111 D(Contest #3)

              有三户人家共拥有一座花园,每户人家的太太均需帮忙整理花园.A 太太工作了5 天,B 太太则工作了4 天,才将花园整理完毕.C 太太因为正身怀六甲无法加入她们的行列,便出了90元.请 ...

  10. Spring学习笔记之Bean的实例化

    一.bean的实例化方法有3种, 1.构造器实例化 2.静态工厂方法实例化 3.实例工厂方法实例化 二.用构造器来实例化 <bean id="ShunDao" class=& ...