pkg/policyfilter: optimize inner policy maps memory usage #4340
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Enable BPF_F_NO_PREALLOC flag for the inner per-policy maps(policy_%d_map). Currently it uses a fixed size(32768) and the default preallocated hash map mode. This commit will optimize the pre-allocation memory only for actual entries, which will reduce the footprint. Fixes: cilium#4249 Signed-off-by: Kyle Dong <[email protected]>
kkourt
added
the
release-note/minor
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Add a user-configurable knob enable-policy-filter-no-prealloc. With this flag, users can choose whether to enable or disable BPF_F_NO_PREALLOC for the inner policy maps, depending on their needs. Signed-off-by: Kyle Dong <[email protected]>
kyledong-suse
force-pushed
the
pr/kyledong-suse/optimize-inner-policy-maps-memory-usage
branch
from
24d75a6 to
100c6e6
Compare
mtardy
reviewed
Nov 21, 2025
Member
mtardy
left a comment
mtardy
left a comment
There was a problem hiding this comment.
Looks fine to me but let's see if that would be better to have a global flag instead of a per map flag for NO_PREALLOC disable since you mentioned another map in the issue. I'm really not sure which one is best 🤔
We could even extend this flag to the map we already have using no_prealloc, but maybe that's too much for this patch set and out of scope!
Contributor
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Enable BPF_F_NO_PREALLOC flag for the inner per-policy maps(policy_%d_map). Currently it uses a fixed size(32768) and the default preallocated hash map mode.
This commit will optimize the pre-allocation memory only for actual entries, which will reduce the footprint.
Fixes: #4249