diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-04 12:02:18 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-06 11:16:25 +0200 |
commit | 7df42800cf89e994b5179200825592d9b95c5fab (patch) | |
tree | 7e43c4623433a7b4ce1ca80da7d0d204ceca31e9 /src/libnftables.c | |
parent | 89bae935180a50f4ea827f5facc41459557380ef (diff) |
src: single cache_update() call to build cache before evaluation
This patch allows us to make one single cache_update() call. Thus, there
is not need to rebuild an incomplete cache from the middle of the batch
processing.
Note that nft_run_cmd_from_filename() does not need a full netlink dump
to build the cache anymore, this should speed nft -f with incremental
updates and very large rulesets.
cache_evaluate() calculates the netlink dump to populate the cache that
this batch needs.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/libnftables.c')
-rw-r--r-- | src/libnftables.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/libnftables.c b/src/libnftables.c index f459ecd5..4bb770c0 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -381,8 +381,13 @@ static int nft_parse_bison_filename(struct nft_ctx *nft, const char *filename, static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs, struct list_head *cmds) { + unsigned int completeness; struct cmd *cmd; + completeness = cache_evaluate(nft, cmds); + if (cache_update(nft, completeness, msgs) < 0) + return -1; + list_for_each_entry(cmd, cmds, list) { struct eval_ctx ectx = { .nft = nft, @@ -454,10 +459,6 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename) LIST_HEAD(msgs); LIST_HEAD(cmds); - rc = cache_update(nft, CMD_INVALID, &msgs); - if (rc < 0) - return -1; - if (!strcmp(filename, "-")) filename = "/dev/stdin"; |