I am currently working with a traffic shaping Linux node. The rule set has grown to about 2500 hosts, all identified specifically by MAC address. The filter configuration is "basic", meaning that on average, 1250 rules must be tested before a packet is filtered to the correct class. At line rates we’re currently seeing, this is causing too much CPU on the host, causing packets to be dropped.
I would like to move from the linear linked-list ruleset to a 6-level hashtable lookup (one for each byte of the MAC address)
I am completely unsure on how to achieve this currently. Most documentation on this feature is reasonably confusing to me, and as far as I’ve found, it all is based on IP address hashing.
I’m currently matching packets based on their L2 header values with a filter, example (for egress/upload):
tc filter add dev <dev> protocol ip parent 1:0 prio 1 u32 match u16 0x0800 at -2 match u16 0x3456 0xffff at -4 match u32 0x52540012 0xffffffff at -8 flowid 1:50
Are there any resources I could follow to maybe explain the hashtable setup better?