We currently map IPv4 addresses to IPv6 ones, and then work on IPv6 addresses exclusively. This is a significant performance hit, since we need to hash 4x more bytes (roughly).

If we split the code into IPv4 and IPv6 specific, we can determine the protocol in New and then attach the correct BPF filter. This should give us a nice boost for IPv4.

Thoughts on what has to happen:

• Split packet_element into two structs
• Modify add_to_node to take a pointer + length instead of pointer to packet_element

Making process_packet generic is going to be tricky. Maybe we can describe each level as a table?

static const struct level_desc level1[] = {
	{ADDRESS_NET, PORT_SPECIFIED, ADDRESS_IP, PORT_SPECIFIED}
	{ADDRESS_IP, PORT_WILDCARD, ADDRESS_IP, PORT_SPECIFIED}
	{ADDRESS_IP, PORT_SPECIFIED, ADDRESS_IP, PORT_WILDCARD}
};

Then we could use a for loop + #pragma unroll to generate one version for ipv4 and ipv6 each. That would still involve a lot of copypasta, so maybe there is a better solution.