mnl: do not build nftnl_set element list

Do not call alloc_setelem_cache() to build the set element list in nftnl_set. Instead, translate one single set element expression to nftnl_set_elem object at a time and use this object to build the netlink header. Using a huge test set containing 1.1 million element blocklist, this patch is reducing userspace memory consumption by 40%. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-11-04 12:53:11 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-11-08 10:59:02 +0100
commit: b4b234f5a29e819045679acd95820a7457d4d7de (patch)
tree: ccd5f16cc03b65d07922ada2fc2bf105aabeed2e /include
parent: a6cc0106ac8c986030ae4d625782c6f48cea7d64 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/netlink.h b/include/netlink.h
index 2467ff82..c1d7d318 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -72,6 +72,8 @@ struct netlink_ctx {
 
 extern struct nftnl_expr *alloc_nft_expr(const char *name);
 extern void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls);
+struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set,
+					   const struct expr *expr);
 
 extern struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh);
 extern struct nftnl_chain *netlink_chain_alloc(const struct nlmsghdr *nlh);
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-11-04 12:53:11 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-11-08 10:59:02 +0100
commit	b4b234f5a29e819045679acd95820a7457d4d7de (patch)
tree	ccd5f16cc03b65d07922ada2fc2bf105aabeed2e /include
parent	a6cc0106ac8c986030ae4d625782c6f48cea7d64 (diff)