authorMikhail Sennikovsky <mikhail.sennikovskii@ionos.com>2022-06-09 22:41:42 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2022-06-20 16:37:00 +0200
commite349e2c61ebc3c97eb8d47e6719abf119e868bfe (patch)
tree076573861d9e02ce12aec873a24f2eb11b2ab643
parentd51d6dd3156786f5d259b51e4a2df1eb4d102dfe (diff)
conntrack: use same modifier socket for bulk ops
For bulk ct entry loads (with -R option) reusing the same mnl modifier socket for all entries results in reduction of entries creation time, which becomes especially significant when loading tens of thousands of entries. Signed-off-by: Mikhail Sennikovsky <mikhail.sennikovskii@ionos.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/conntrack.c27
1 files changed, 21 insertions, 6 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index 27e2bea..8214117 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -2470,6 +2470,23 @@ static void nfct_mnl_socket_close(const struct nfct_mnl_socket *sock)
mnl_socket_close(sock->mnl);
}
+static int nfct_mnl_socket_check_open(struct nfct_mnl_socket *socket,
+ unsigned int events)
+{
+ if (socket->mnl != NULL)
+ return 0;
+
+ return nfct_mnl_socket_open(socket, events);
+}
+
+static void nfct_mnl_socket_check_close(struct nfct_mnl_socket *sock)
+{
+ if (sock->mnl) {
+ nfct_mnl_socket_close(sock);
+ memset(sock, 0, sizeof(*sock));
+ }
+}
+
static int __nfct_mnl_dump(struct nfct_mnl_socket *sock,
const struct nlmsghdr *nlh, mnl_cb_t cb, void *data)
{
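Review bot: `nfct_mnl_socket_check_open()` silently ignores `events` once the socket is open, so a later caller passing a different value would be handed the socket opened with the first caller's value. Both call sites in this commit pass 0, so nothing breaks today, but the contract deserves a comment above the function, for example `/* Opens the socket on first use; 'events' is honoured only by that first call. */`. The parameter is also named `socket` here while `nfct_mnl_socket_check_close()` uses `sock`; renaming it to `sock` keeps the pair consistent and avoids shadowing the libc `socket()` declaration.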
@@ -3383,19 +3400,17 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd,
break;
case CT_UPDATE:
- if (nfct_mnl_socket_open(modifier_sock, 0) < 0)
+ if (nfct_mnl_socket_check_open(modifier_sock, 0) < 0)
exit_error(OTHER_PROBLEM, "Can't open handler");
nfct_filter_init(cmd);
res = nfct_mnl_dump(sock, NFNL_SUBSYS_CTNETLINK,
IPCTNL_MSG_CT_GET, mnl_nfct_update_cb,
cmd, NULL);
-
- nfct_mnl_socket_close(modifier_sock);
break;
case CT_DELETE:
- if (nfct_mnl_socket_open(modifier_sock, 0) < 0)
+ if (nfct_mnl_socket_check_open(modifier_sock, 0) < 0)
exit_error(OTHER_PROBLEM, "Can't open handler");
nfct_filter_init(cmd);
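Review bot: With the per-command `nfct_mnl_socket_close(modifier_sock)` removed from `CT_UPDATE` and `CT_DELETE`, one netlink socket now lives across every command of a `-R` batch, so any reply left unread after a failed update or delete may still be queued when the next command sends its request. The send/receive helper used by the callbacks is outside this diff; it is worth confirming that it matches replies by sequence number and port id and drains the ACK on error, so a stale message cannot be taken as the answer to a later request. A reader of these cases also sees an open with no matching close, so a short comment such as `/* kept open for reuse; closed once in main() */` next to the `nfct_mnl_socket_check_open()` calls would help. `do_command_ct()` continues outside the hunk.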
@@ -3418,8 +3433,6 @@ static int do_command_ct(const char *progname, struct ct_cmd *cmd,
cmd, filter_dump);
nfct_filter_dump_destroy(filter_dump);
-
- nfct_mnl_socket_close(modifier_sock);
break;
case EXP_DELETE:
@@ -3856,6 +3869,7 @@ static const char *ct_unsupp_cmd_file(const struct ct_cmd *cmd)
int main(int argc, char *argv[])
{
+ struct nfct_mnl_socket *modifier_sock = &_modifier_sock;
struct nfct_mnl_socket *sock = &_sock;
struct ct_cmd *cmd, *next;
LIST_HEAD(cmd_list);
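Review bot: The lazy open depends on `_modifier_sock.mnl` being NULL before the first `nfct_mnl_socket_check_open()` call, and nothing at this declaration records that. `_modifier_sock` is defined outside this diff, so it is presumably a file-scope object that starts zeroed, but that should be confirmed and stated, for example `/* opened lazily by nfct_mnl_socket_check_open(); must start zeroed */` above the new `modifier_sock` line. `main()` continues outside the hunk.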
@@ -3900,6 +3914,7 @@ int main(int argc, char *argv[])
free(cmd);
}
nfct_mnl_socket_close(sock);
+ nfct_mnl_socket_check_close(modifier_sock);
return res < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}