Linux kernel 5.7 will speed up list matching in NetFilter

The developers of Netfilter, the kernel subsystem for filtering and modifying network packets, have published a set of patches that significantly speed up the processing of large match lists (nftables sets), which require checking a combination of subnets, network ports, protocols and MAC addresses. The patches have already been accepted into the nf-next branch, which will be proposed for inclusion in the Linux 5.7 kernel. The most significant acceleration was achieved through the use of AVX2 instructions (similar optimizations based on NEON instructions for ARM are planned for the future).

The optimizations were made in the nft_set_pipapo module (PIle PAcket POlicies), which solves the problem of matching packet contents against arbitrary ranges of field states used in filtering rules, such as IP and network port ranges (nft_set_rbtree and nft_set_hash handle interval matching and direct value mapping). On a system with an AMD Epyc 7402 processor, the version of pipapo vectorized with 256-bit AVX2 instructions showed a 420% performance increase when parsing 30 thousand entries containing port-protocol combinations. The gain when matching a combination of subnet and port number while parsing 1000 entries was 87% for IPv4 and 128% for IPv6.

Another optimization, which allows 8-bit match groups to be used instead of 4-bit ones, also showed a significant performance gain: 66% when parsing 30 thousand port-protocol entries, 43% for subnet_IPv4-port, and 61% for subnet_IPv6-port. In total, taking the AVX2 optimizations into account, pipapo performance in these tests increased by 766%, 168% and 269%, respectively. The figures obtained for complex matching are ahead of single checks in rbtree (with the exception of the port + protocol check), but so far they lag behind direct checks using hashes and dropping by netdev-based handlers.
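The trade-off behind the 4-bit versus 8-bit match groups can be seen in a small model. This is an added example, not the kernel's nft_set_pipapo code: it assumes a single 16-bit field with value/mask entries, and all names (`table_build`, `table_lookup`, `demo`, `last_reads`) and the sample set are hypothetical.

```c
#include <stdint.h>
#include <string.h>

#define FIELD_BITS 16                   /* one 16-bit field, e.g. a port */
struct rule { uint16_t value, mask; };  /* hit if (key & mask) == (value & mask) */
struct table {
    int group_bits, groups;             /* 4 bits x 4 groups, or 8 bits x 2 groups */
    uint64_t bucket[4][256];            /* bit r set: rule r accepts this group value */
};
int last_reads;                         /* bucket reads done by the latest lookup */

/* For every group and every possible group value, record which rules agree. */
static void table_build(struct table *t, int group_bits, const struct rule *rules, int n)
{
    unsigned gmask = (1u << group_bits) - 1;
    memset(t, 0, sizeof(*t));
    t->group_bits = group_bits;
    t->groups = FIELD_BITS / group_bits;
    for (int g = 0; g < t->groups; g++) {
        int shift = FIELD_BITS - (g + 1) * group_bits;
        for (unsigned b = 0; b <= gmask; b++)
            for (int r = 0; r < n; r++) {
                unsigned m = (rules[r].mask >> shift) & gmask;
                if (((b ^ (rules[r].value >> shift)) & m) == 0)
                    t->bucket[g][b] |= 1ULL << r;
            }
    }
}

/* One bucket read per group, ANDed together; returns first matching rule or -1. */
static int table_lookup(const struct table *t, uint16_t key)
{
    uint64_t live = ~0ULL;
    unsigned gmask = (1u << t->group_bits) - 1;
    for (last_reads = 0; last_reads < t->groups; last_reads++) {
        int shift = FIELD_BITS - (last_reads + 1) * t->group_bits;
        live &= t->bucket[last_reads][(key >> shift) & gmask];
    }
    for (int r = 0; r < 64; r++)
        if (live & (1ULL << r)) return r;
    return -1;
}

/* Constructed sample set: port 80, ports 8080-8095, ports 1024-2047. */
static const struct rule sample[] = { {0x0050, 0xFFFF}, {0x1F90, 0xFFF0}, {0x0400, 0xFC00} };
int demo(int group_bits, uint16_t key)  /* build with this group width, look up key */
{
    static struct table t;
    table_build(&t, group_bits, sample, 3);
    return table_lookup(&t, key);
}
```

With 8-bit groups the same key is resolved in two bucket reads instead of four, at the cost of 256 buckets per group instead of 16.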

Source: opennet.ru