diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-04-02 20:26:15 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-04-03 19:41:02 +0200 |
commit | df48e56e987f84bb32ea53dfe98569dfe3fb7e37 (patch) | |
tree | 945f098ec9d185504435f31cfe792b734e1efd0b /include | |
parent | 6b7b7d5d219dca4465390f4a69096383d17782d3 (diff) |
cache: add hashtable cache for sets
This patch adds a hashtable for set lookups.
This patch also splits table->sets in two:
- Sets that reside in the cache are stored in the new
tables->cache_set and tables->cache_set_ht.
- Set that defined via command line / ruleset file reside in
tables->set.
Sets in the cache (already in the kernel) are not placed in the
table->sets list.
By keeping separated lists, sets defined via command line / ruleset file
can be added to cache.
Adding 10000 sets, before:
# time nft -f x
real 0m6,415s
user 0m3,126s
sys 0m3,284s
After:
# time nft -f x
real 0m3,949s
user 0m0,743s
sys 0m3,205s
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/cache.h | 2 | ||||
-rw-r--r-- | include/netlink.h | 1 | ||||
-rw-r--r-- | include/rule.h | 6 |
3 files changed, 6 insertions, 3 deletions
diff --git a/include/cache.h b/include/cache.h index 087f9ba9..f500e1b1 100644 --- a/include/cache.h +++ b/include/cache.h @@ -59,5 +59,7 @@ void cache_release(struct nft_cache *cache); void chain_cache_add(struct chain *chain, struct table *table); struct chain *chain_cache_find(const struct table *table, const struct handle *handle); +void set_cache_add(struct set *set, struct table *table); +struct set *set_cache_find(const struct table *table, const char *name); #endif /* _NFT_CACHE_H_ */ diff --git a/include/netlink.h b/include/netlink.h index cf8aae46..f93c5322 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -139,7 +139,6 @@ extern int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h); extern struct table *netlink_delinearize_table(struct netlink_ctx *ctx, const struct nftnl_table *nlt); -extern int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h); extern struct set *netlink_delinearize_set(struct netlink_ctx *ctx, const struct nftnl_set *nls); diff --git a/include/rule.h b/include/rule.h index ad9cca90..90c01e90 100644 --- a/include/rule.h +++ b/include/rule.h @@ -158,6 +158,8 @@ struct table { struct list_head *cache_chain_ht; struct list_head cache_chain; struct list_head chains; + struct list_head *cache_set_ht; + struct list_head cache_set; struct list_head sets; struct list_head objs; struct list_head flowtables; @@ -331,6 +333,8 @@ void rule_stmt_insert_at(struct rule *rule, struct stmt *nstmt, */ struct set { struct list_head list; + struct list_head cache_hlist; + struct list_head cache_list; struct handle handle; struct location location; unsigned int refcnt; @@ -359,8 +363,6 @@ extern struct set *set_alloc(const struct location *loc); extern struct set *set_get(struct set *set); extern void set_free(struct set *set); extern struct set *set_clone(const struct set *set); -extern void set_add_hash(struct set *set, struct table *table); -extern struct set *set_lookup(const struct table *table, const char *name); extern struct set *set_lookup_global(uint32_t family, const char *table, const char *name, struct nft_cache *cache); extern struct set *set_lookup_fuzzy(const char *set_name, |