diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-05-19 12:18:04 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-05-19 12:18:06 +0200 |
commit | 337636fc670eaed5c7146f99af8719018f63fe3b (patch) | |
tree | 7ddacf7ef5052951706748180432e6c0605319b7 /src/netlink_linearize.c | |
parent | ef184c4e844eac8c3eda0c8c6fc1370078a9d66a (diff) |
src: add set netlink message to the batch
This patch moves the netlink set messages to the batch that contains
the rules. This helps to speed up rule-set restoration time by
changing the operational. To achieve this, an internal set ID which
is unique to the batch is allocated as suggested by Patrick.
To retain backward compatibility, nft initially guesses if the
kernel supports set in batches. Otherwise, it falls back to the
previous (slowier) operational.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index e80646b6..e3f06afe 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -129,6 +129,8 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx, nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_DREG, dreg); nft_rule_expr_set_str(nle, NFT_EXPR_LOOKUP_SET, expr->mappings->set->handle.set); + nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_SET_ID, + expr->mappings->set->handle.set_id); if (dreg == NFT_REG_VERDICT) release_register(ctx); @@ -153,6 +155,8 @@ static void netlink_gen_lookup(struct netlink_linearize_ctx *ctx, nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_SREG, sreg); nft_rule_expr_set_str(nle, NFT_EXPR_LOOKUP_SET, expr->right->set->handle.set); + nft_rule_expr_set_u32(nle, NFT_EXPR_LOOKUP_SET_ID, + expr->right->set->handle.set_id); release_register(ctx); nft_rule_add_expr(ctx->nlr, nle); |