From fdf64dcdace989589bac441805082e3b1fe6a915 Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 25 Mar 2021 16:24:39 +0100
Subject: nft: cache: Sort chains on demand only

Mandatory sorted insert of chains into cache significantly slows down
restoring of large rulesets. Since the sorted list of user-defined
chains is needed for listing and verbose output only, introduce
nft_cache_sort_chains() and call it where needed.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-cache.h | 1 +
 1 file changed, 1 insertion(+)

(limited to 'iptables/nft-cache.h')

diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
index 20d96bee..58a01526 100644
--- a/iptables/nft-cache.h
+++ b/iptables/nft-cache.h
@@ -16,6 +16,7 @@ int flush_rule_cache(struct nft_handle *h, const char *table,
 void nft_cache_build(struct nft_handle *h);
 int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
 			struct nftnl_chain *c);
+int nft_cache_sort_chains(struct nft_handle *h, const char *table);
 
 struct nft_chain *
 nft_chain_find(struct nft_handle *h, const char *table, const char *chain);
-- 
cgit v1.2.3