diff --git a/net/ipset/ipset.go b/net/ipset/ipset.go index 58a1204322945..70068d0a22f34 100644 --- a/net/ipset/ipset.go +++ b/net/ipset/ipset.go @@ -70,19 +70,22 @@ func NewContainsIPFunc(addrs views.Slice[netip.Prefix]) func(ip netip.Addr) bool // If any addr is a prefix with more than a single IP, then do either a // linear scan or a bart table, depending on the number of addrs. if addrs.ContainsFunc(func(p netip.Prefix) bool { return !p.IsSingleIP() }) { - if addrs.Len() > 6 { - pathForTest("bart") - // Built a bart table. - t := &bart.Table[struct{}]{} - for i := range addrs.Len() { - t.Insert(addrs.At(i), struct{}{}) - } - return bartLookup(t) - } else { - pathForTest("linear-contains") + if addrs.Len() == 1 { + pathForTest("one-prefix") + return addrs.At(0).Contains + } + if addrs.Len() <= 6 { // Small enough to do a linear search. + pathForTest("linear-contains") return prefixContainsLoop(addrs.AsSlice()) } + pathForTest("bart") + // Built a bart table. + t := &bart.Table[struct{}]{} + for i := range addrs.Len() { + t.Insert(addrs.At(i), struct{}{}) + } + return bartLookup(t) } // Fast paths for 1 and 2 IPs: if addrs.Len() == 1 { diff --git a/net/ipset/ipset_test.go b/net/ipset/ipset_test.go index 7060df5b30da8..2df4939cb99ad 100644 --- a/net/ipset/ipset_test.go +++ b/net/ipset/ipset_test.go @@ -41,7 +41,7 @@ var newContainsIPFuncTests = []struct { { name: "cidr-list-1", pfx: pp("10.0.0.0/8"), - want: "linear-contains", + want: "one-prefix", wantIn: aa("10.0.0.1", "10.2.3.4"), wantOut: aa("8.8.8.8"), },