author | Phil Sutter <phil@nwl.cc> | 2021-11-29 15:36:45 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2021-12-03 12:50:18 +0100 |
commit | 95781fcbddcd6524f67a3357c0cf91f13be24053 (patch) | |
tree | 97550ae5eb5a7bdbba27a77bd3a8252f54ce6a51 /src/mnl.c | |
parent | a37212f2fd90739e17f3dbb96ea6284d7755bf5f (diff) |
cache: Filter rule list on kernel side
Instead of fetching all existing rules in kernel's ruleset and filtering
in user space, add payload to the dump request specifying the table and
chain to filter for.
Since list_rule_cb() no longer needs the filter, pass only netlink_ctx
to the callback and drop struct rule_cache_dump_ctx.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src/mnl.c')
-rw-r--r-- | src/mnl.c | 21 |
1 files changed, 19 insertions, 2 deletions
@@ -653,20 +653,37 @@ err_free:
 return MNL_CB_OK;
 }
-struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx,
- int family)
+struct nftnl_rule_list *mnl_nft_rule_dump(struct netlink_ctx *ctx, int family,
+ const struct nft_cache_filter *filter)
 {
 char buf[MNL_SOCKET_BUFFER_SIZE];
 struct nftnl_rule_list *nlr_list;
+ struct nftnl_rule *nlr = NULL;
 struct nlmsghdr *nlh;
 int ret;
+ if (filter && filter->list.table) {
+ nlr = nftnl_rule_alloc();
+ if (!nlr)
+ memory_allocation_error();
+
+ nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE,
+ filter->list.table);
+ if (filter->list.chain)
+ nftnl_rule_set_str(nlr, NFTNL_RULE_CHAIN,
+ filter->list.chain);
+ }
+
 nlr_list = nftnl_rule_list_alloc();
 if (nlr_list == NULL) memory_allocation_error();
 nlh = nftnl_nlmsg_build_hdr(buf, NFT_MSG_GETRULE, family, NLM_F_DUMP, ctx->seqnum);
+ if (nlr) {
+ nftnl_rule_nlmsg_build_payload(nlh, nlr);
+ nftnl_rule_free(nlr);
+ }
 ret = nft_mnl_talk(ctx, nlh, nlh->nlmsg_len, rule_cb, nlr_list);
 if (ret < 0) |
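Review bot: The two `nftnl_rule_set_str()` calls in the new `if (filter && filter->list.table)` block ignore their return value, so if the setter fails to copy a name the request would presumably go out without that attribute and the kernel would return a wider dump than was asked for. The commit message says list_rule_cb() no longer filters, so nothing in user space would catch the extra rules; the same fail-open result applies when `filter->list.chain` is set but `filter->list.table` is NULL, because the whole block is skipped. Treat a setter failure like the allocation failure above it, e.g. `if (nftnl_rule_set_str(nlr, NFTNL_RULE_TABLE, filter->list.table) < 0) memory_allocation_error();`, and do the same for the chain. It is also worth confirming that table and chain names are length-checked before they reach this function, since the payload is built into the fixed `buf[MNL_SOCKET_BUFFER_SIZE]` and no such validation is visible here. The function body continues past the end of the hunk.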