author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-01-06 13:20:14 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-05-11 14:28:28 +0200 |
commit | 9d07514ac5c7a27ec72df5a81bf067073d63bd99 (patch) | |
tree | 129a8f08d7c132296c7d8131c540074995551bac /iptables/nft.c | |
parent | a7f1e208cdf9c6392c99d3c52764701d004bdde7 (diff) |
nft: calculate cache requirements from list of commands
This patch uses the new list of commands to calculate the cache
requirements, the rationale after this update is the following:
#1 Parsing, that builds the list of commands and it also calculates
cache level requirements.
#2 Cache building.
#3 Translate commands to jobs
#4 Translate jobs to netlink
This patch removes the pre-parsing code in xtables-restore.c to
calculate the cache.
After this patch, cache is calculated only once, there is no need
to cancel and refetch for an in-transit transaction.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index bbbf7c61..f069396a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -954,6 +954,7 @@ static struct nftnl_set *add_anon_set(struct nft_handle *h, const char *table,
 {
 static uint32_t set_id = 0;
 struct nftnl_set *s;
+ struct nft_cmd *cmd;
 s = nftnl_set_alloc();
 if (!s)
@@ -969,7 +970,14 @@ static struct nftnl_set *add_anon_set(struct nft_handle *h, const char *table,
 nftnl_set_set_u32(s, NFTNL_SET_KEY_LEN, key_len);
 nftnl_set_set_u32(s, NFTNL_SET_DESC_SIZE, size);
- return batch_set_add(h, NFT_COMPAT_SET_ADD, s) ? s : NULL;
+ cmd = nft_cmd_new(h, NFT_COMPAT_SET_ADD, table, NULL, NULL, -1, false);
+ if (!cmd) {
+ nftnl_set_free(s);
+ return NULL;
+ }
+ cmd->obj.set = s;
+
+ return s;
 }
 static struct nftnl_expr *
@@ -2996,6 +3004,8 @@ static int nft_prepare(struct nft_handle *h)
 struct nft_cmd *cmd, *next;
 int ret = 1;
+ nft_cache_build(h);
+
 list_for_each_entry_safe(cmd, next, &h->cmd_list, head) {
 switch (cmd->command) {
 case NFT_COMPAT_TABLE_FLUSH:
@@ -3081,9 +3091,12 @@ static int nft_prepare(struct nft_handle *h)
 nft_xt_builtin_init(h, cmd->table);
 ret = 1;
 break;
+ case NFT_COMPAT_SET_ADD:
+ batch_set_add(h, NFT_COMPAT_SET_ADD, cmd->obj.set);
+ ret = 1;
+ break;
 case NFT_COMPAT_TABLE_ADD:
 case NFT_COMPAT_CHAIN_ADD:
- case NFT_COMPAT_SET_ADD:
 assert(0);
 break;
 } |
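Review bot: After `cmd->obj.set = s;` in add_anon_set() the set is reachable both from the queued command and from the caller that receives `s`, and nothing in the hunk states which of them is responsible for freeing it. Before this change the set was handed to batch_set_add() at this point; now it stays on the command until nft_prepare() runs, so if the command list is discarded earlier (a later parse error, for instance) the set is presumably leaked unless the command's destructor releases `obj.set`. That destructor is outside this hunk, so this needs confirming. A comment such as `/* cmd owns s until nft_prepare() moves it into the batch; the caller only borrows it */` above the assignment would record the contract.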
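Review bot: The new `nft_cache_build(h);` call at the top of nft_prepare() has no comment saying why it must precede the command loop, and nothing after it checks that the cache was actually populated. According to the commit message this is now the only place the cache is fetched, so every command translated below depends on it; I would add `/* fetch the cache once, at the level computed during parsing, before any command is translated */`. If nft_cache_build() can report failure (its prototype is not visible here), nft_prepare() should bail out instead of translating commands against an incomplete view of the ruleset. The body of nft_prepare() continues outside this hunk.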
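Review bot: In the new `case NFT_COMPAT_SET_ADD:` the result of batch_set_add() is discarded and `ret = 1;` is set unconditionally, so a failure to queue the set is reported as success. The line removed from add_anon_set(), `return batch_set_add(h, NFT_COMPAT_SET_ADD, s) ? s : NULL;`, treated a false result as an error, so moving the call here loses that check. A rule that refers to the anonymous set could then be committed in a batch that does not contain the set. Assuming 0 signals failure to the rest of the loop, as `int ret = 1` suggests, I would write `ret = batch_set_add(h, NFT_COMPAT_SET_ADD, cmd->obj.set) ? 1 : 0;`. The switch sits inside nft_prepare(), which starts and ends outside this hunk.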