nft: cache: Sort chains on demand only

Mandatory sorted insert of chains into cache significantly slows down restoring of large rulesets. Since the sorted list of user-defined chains is needed for listing and verbose output only, introduce nft_cache_sort_chains() and call it where needed. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2021-03-25 16:24:39 +0100
committer: Phil Sutter <phil@nwl.cc> 2021-04-06 10:52:42 +0200
commit: fdf64dcdace989589bac441805082e3b1fe6a915 (patch)
tree: 37fcc128d5f5c9030dc4a5ea4d377f2ef5afb3df /iptables/xtables-save.c
parent: c5d9a723b5159a28f547b577711787295a14fd84 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index d7901c65..cfce0472 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -87,6 +87,7 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
 	printf("*%s\n", tablename);
 	/* Dump out chain names first,
 	 * thereby preventing dependency conflicts */
+	nft_cache_sort_chains(h, tablename);
 	nft_chain_foreach(h, tablename, nft_chain_save, h);
 	nft_rule_save(h, tablename, d->format);
 	if (d->commit)
author	Phil Sutter <phil@nwl.cc>	2021-03-25 16:24:39 +0100
committer	Phil Sutter <phil@nwl.cc>	2021-04-06 10:52:42 +0200
commit	fdf64dcdace989589bac441805082e3b1fe6a915 (patch)
tree	37fcc128d5f5c9030dc4a5ea4d377f2ef5afb3df /iptables/xtables-save.c
parent	c5d9a723b5159a28f547b577711787295a14fd84 (diff)