diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-22 11:33:27 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-08-23 19:16:50 +0200 |
commit | 70d99ce8bf8bd3dab84ea0a6249812b04ec95b8c (patch) | |
tree | ec0657b962a09a7c9595a66e98489adef3d8b94b /tests/shell/testcases/sets/0036add_set_element_expiration_0 | |
parent | c791765cb0d62ba261f0b495e07315437b3ae914 (diff) |
cache: chain listing implicitly sets on terse option
If user specifies a chain to be listed (which is internally handled via
filtering options), then toggle NFT_CACHE_TERSE to skip fetching set
content from kernel for non-anonymous sets.
With a large IPv6 set with bogons, before this patch:
# time nft list chain inet raw x
table inet raw {
chain x {
ip6 saddr @bogons6
ip6 saddr { aaaa::, bbbb:: }
}
}
real 0m2,913s
user 0m1,345s
sys 0m1,568s
After this patch:
# time nft list chain inet raw prerouting
table inet raw {
chain x {
ip6 saddr @bogons6
ip6 saddr { aaaa::, bbbb:: }
}
}
real 0m0,056s
user 0m0,018s
sys 0m0,039s
This speeds up chain listing in the presence of a large set.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/sets/0036add_set_element_expiration_0')
0 files changed, 0 insertions, 0 deletions