author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-29 13:09:03 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-09-30 00:26:16 +0200 |
commit | 3f1d3912c3a6b42158149a97f59d1c01debfd132 (patch) | |
tree | 37cdee6545be7d41756c8d5c6bade037a767eb20 /src/libnftables.c | |
parent | a1a6b0a5c3c4b4b305fa34a77932ee1c6452d1c8 (diff) |
cache: filter out tables that are not requested

Do not fetch table content for list commands that specify a
table name, e.g.

    # nft list table filter

This speeds up listing of a given table by not populating the
cache with tables that are not needed.

- Full ruleset (huge with ~100k lines).

      # sudo nft list ruleset &> /dev/null
      real 0m3,049s
      user 0m2,080s
      sys 0m0,968s

- Listing per table is now faster:

      # nft list table nat &> /dev/null
      real 0m1,969s
      user 0m1,412s
      sys 0m0,556s

      # nft list table filter &> /dev/null
      real 0m0,697s
      user 0m0,478s
      sys 0m0,220s

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1326
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/libnftables.c')
-rw-r--r-- | src/libnftables.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/libnftables.c b/src/libnftables.c index fc52fbc3..2b2ed1a4 100644 --- a/src/libnftables.c +++ b/src/libnftables.c @@ -459,11 +459,12 @@ static int nft_parse_bison_filename(struct nft_ctx *nft, const char *filename, static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs, struct list_head *cmds) { + struct nft_cache_filter filter = {}; unsigned int flags; struct cmd *cmd; - flags = nft_cache_evaluate(nft, cmds); - if (nft_cache_update(nft, flags, msgs) < 0) + flags = nft_cache_evaluate(nft, cmds, &filter); + if (nft_cache_update(nft, flags, msgs, &filter) < 0) return -1; list_for_each_entry(cmd, cmds, list) { |
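Review bot: In nft_evaluate(), one `struct nft_cache_filter filter` is filled by `nft_cache_evaluate(nft, cmds, &filter)` for the whole `cmds` list and then applied once in `nft_cache_update(nft, flags, msgs, &filter)`, so it is worth stating (in a comment here or in the commit message) what happens when `cmds` holds more than one command. If a `list table` command narrows the filter while another command in the same batch needs objects from a different table, the `list_for_each_entry(cmd, cmds, list)` loop that follows would run against a cache that lacks them. This file alone does not show whether nft_cache_evaluate() leaves the filter empty in that case, so a short comment next to the declaration describing when the filter is populated would make the invariant reviewable. A smaller style point on the same declaration: `= {}` is an empty initializer, which is a GNU extension rather than C99; `= { 0 }` or an explicit memset is the portable spelling if the project cares about that.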