cache: Filter tables on kernel side

Instead of requesting a dump of all tables and filtering the data in user space, construct a non-dump request if filter contains a table so kernel returns only that single table. This should improve nft performance in rulesets with many tables present. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2021-11-29 15:28:33 +0100
committer: Phil Sutter <phil@nwl.cc> 2021-12-03 12:50:18 +0100
commit: a37212f2fd90739e17f3dbb96ea6284d7755bf5f (patch)
tree: c508b297db88ff2e2ff0e76f408173c0b33041d6 /src/netlink.c
parent: 49ac868a0d5b99bad5dbf5603ebf02237a37459d (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/src/netlink.c b/src/netlink.c
index ab90d0c0..f74c0383 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -664,11 +664,19 @@ static int list_table_cb(struct nftnl_table *nlt, void *arg)
 	return 0;
 }
 
-int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h)
+int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h,
+			const struct nft_cache_filter *filter)
 {
 	struct nftnl_table_list *table_cache;
+	uint32_t family = h->family;
+	const char *table = NULL;
 
-	table_cache = mnl_nft_table_dump(ctx, h->family);
+	if (filter) {
+		family = filter->list.family;
+		table = filter->list.table;
+	}
+
+	table_cache = mnl_nft_table_dump(ctx, family, table);
 	if (table_cache == NULL) {
 		if (errno == EINTR)
 			return -1;
author	Phil Sutter <phil@nwl.cc>	2021-11-29 15:28:33 +0100
committer	Phil Sutter <phil@nwl.cc>	2021-12-03 12:50:18 +0100
commit	a37212f2fd90739e17f3dbb96ea6284d7755bf5f (patch)
tree	c508b297db88ff2e2ff0e76f408173c0b33041d6 /src/netlink.c
parent	49ac868a0d5b99bad5dbf5603ebf02237a37459d (diff)