diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-29 13:09:03 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-30 00:26:16 +0200 |
commit | 3f1d3912c3a6b42158149a97f59d1c01debfd132 (patch) | |
tree | 37cdee6545be7d41756c8d5c6bade037a767eb20 /include/cache.h | |
parent | a1a6b0a5c3c4b4b305fa34a77932ee1c6452d1c8 (diff) |
cache: filter out tables that are not requested
Do not fetch table content for list commands that specify a
table name, e.g.
# nft list table filter
This speeds up listing of a given table by not populating the
cache with tables that are not needed.
- Full ruleset (huge with ~100k lines).
# sudo nft list ruleset &> /dev/null
real 0m3,049s
user 0m2,080s
sys 0m0,968s
- Listing per table is now faster:
# nft list table nat &> /dev/null
real 0m1,969s
user 0m1,412s
sys 0m0,556s
# nft list table filter &> /dev/null
real 0m0,697s
user 0m0,478s
sys 0m0,220s
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1326
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/cache.h')
-rw-r--r-- | include/cache.h | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/include/cache.h b/include/cache.h index 70aaf735..3130b2c0 100644 --- a/include/cache.h +++ b/include/cache.h @@ -38,12 +38,18 @@ enum cache_level_flags { NFT_CACHE_FLUSHED = (1 << 31), }; +struct nft_cache_filter { + const char *table; +}; + struct nft_cache; enum cmd_ops; -unsigned int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds); +unsigned int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds, + struct nft_cache_filter *filter); int nft_cache_update(struct nft_ctx *ctx, enum cmd_ops cmd, - struct list_head *msgs); + struct list_head *msgs, + const struct nft_cache_filter *filter); bool nft_cache_needs_update(struct nft_cache *cache); void nft_cache_release(struct nft_cache *cache); |