diff options
author | Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> | 2014-02-11 18:36:44 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-02-12 10:10:10 +0100 |
commit | e6b8e172fca48f5d80699afe80947b0fc1f23fd6 (patch) | |
tree | 7464bcc9cec4fdee20bec33923ddefd6f7abb8ab /iptables/nft.c | |
parent | 690ea18fdd6f8bc12322a729a2f7c97d8e731c43 (diff) |
nft: Initialize a table only once
This helps to remove some runtime overhead, especially when running
xtables-restore.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 501c6d86..49322bdd 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -436,6 +436,9 @@ nft_table_builtin_add(struct nft_handle *h, struct builtin_table *_t, struct nft_table *t; int ret; + if (_t->initialized) + return 0; + t = nft_table_alloc(); if (t == NULL) return -1; @@ -464,6 +467,10 @@ nft_table_builtin_add(struct nft_handle *h, struct builtin_table *_t, if (errno != EEXIST) perror("mnl-talk:nft_table_init_one"); } + + if (ret == 0 || errno == EEXIST) + _t->initialized = true; + return ret; } @@ -2414,6 +2421,9 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename, uint32_t table_family, chain_family; bool found = false; + if (h->restore) + return 0; + if (xtables_config_parse(filename, table_list, chain_list) < 0) { if (errno == ENOENT) { xtables_config_perror(flags, |