author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-04 12:53:11 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-08 10:59:02 +0100 |
commit | b4b234f5a29e819045679acd95820a7457d4d7de (patch) | |
tree | ccd5f16cc03b65d07922ada2fc2bf105aabeed2e /include/netlink.h | |
parent | a6cc0106ac8c986030ae4d625782c6f48cea7d64 (diff) |
mnl: do not build nftnl_set element list
Do not call alloc_setelem_cache() to build the set element list in
nftnl_set. Instead, translate one single set element expression to
nftnl_set_elem object at a time and use this object to build the netlink
header.
Using a huge test set containing a 1.1 million element blocklist, this
patch reduces userspace memory consumption by 40%.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/netlink.h')
-rw-r--r-- | include/netlink.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/netlink.h b/include/netlink.h
index 2467ff82..c1d7d318 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -72,6 +72,8 @@ struct netlink_ctx {
 extern struct nftnl_expr *alloc_nft_expr(const char *name);
 extern void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls);
+struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set,
+ const struct expr *expr);
 extern struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh);
 extern struct nftnl_chain *netlink_chain_alloc(const struct nlmsghdr *nlh); |
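Review bot: The added `alloc_nftnl_setelem()` prototype returns a `struct nftnl_set_elem *` without saying who releases it. Per the commit message the element is no longer appended to the `nftnl_set` list, so ownership presumably moves to the caller, once per element. On the 1.1 million element set the message mentions, a missed free on any path would add up quickly. I would put a comment above the declaration such as `/* Returns a newly allocated element; the caller owns it and must release it with nftnl_set_elem_free() after the netlink message is built. */`, to be confirmed against the definition and callers, which are outside this header-only view. As a style point, the neighbouring declarations all carry `extern`, so `extern struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set,` would keep the block consistent.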