git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Scott Mitchell <scott.k.mitch1@gmail.com>
	Fri, 23 Jan 2026 22:09:30 +0000 (14:09 -0800)
committer	Florian Westphal <fw@strlen.de>
	Thu, 29 Jan 2026 08:52:07 +0000 (09:52 +0100)
commit	e19079adcd26a25d7d3e586b1837493361fdf8b6
tree	db0169206b20d0b70c66cbd47bb70f1cc3ac280b	tree
parent	77fd1b4c6e084619beff1a55cb66e65c6a66615c	commit \| diff

netfilter: nfnetlink_queue: optimize verdict lookup with hash table

The current implementation uses a linear list to find queued packets by
ID when processing verdicts from userspace. With large queue depths and
out-of-order verdicting, this O(n) lookup becomes a significant
bottleneck, causing userspace verdict processing to dominate CPU time.

Replace the linear search with a hash table for O(1) average-case
packet lookup by ID. A global rhashtable spanning all network
namespaces attributes hash bucket memory to kernel but is subject to
fixed upper bound.

Signed-off-by: Scott Mitchell <scott.k.mitch1@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

include/net/netfilter/nf_queue.h		diff \| blob \| blame \| history
net/netfilter/nfnetlink_queue.c		diff \| blob \| blame \| history