netfilter: nf_tables: performance set policy skips size description in selection

Use the complexity and space notations if policy is performance, this
results in placing the bitmap set representation over the hashtable for
key <= 16 for better performance as we discussed during the last NFWS in
Faro, Portugal.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 929927171426a6e286bd5cc4412aaa99b77fec77..3b4a0739ee39aa39f8fd2ff6bbf56124e2d49f9d 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2549,14 +2549,9 @@ nft_select_set_ops(const struct nft_ctx *ctx,
                case NFT_SET_POL_PERFORMANCE:
                        if (est.lookup < best.lookup)
                                break;
-                       if (est.lookup == best.lookup) {
-                               if (!desc->size) {
-                                       if (est.space < best.space)
-                                               break;
-                               } else if (est.size < best.size) {
-                                       break;
-                               }
-                       }
+                       if (est.lookup == best.lookup &&
+                           est.space < best.space)
+                               break;
                        continue;
                case NFT_SET_POL_MEMORY:
                        if (!desc->size) {