authorPhil Sutter <phil@nwl.cc>2021-04-14 13:47:47 +0200
committerPhil Sutter <phil@nwl.cc>2021-04-21 12:40:54 +0200
commit5f6f20913c862f6a844a8f7143ed074284423897 (patch)
treef805c6504690f7b7c52c1df6d55e09c6e5013b7f /src/mnl.c
parent4b600bfa59a50cdd728e86618708957195f40028 (diff)
mnl: Increase BATCH_PAGE_SIZE to support huge rulesets
Apply the same change from iptables-nft to nftables to keep them in sync with regards to max supported transaction sizes. Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'src/mnl.c')
-rw-r--r--src/mnl.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/mnl.c b/src/mnl.c
index deea586f..d5ea87d8 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -160,11 +160,11 @@ static int check_genid(const struct nlmsghdr *nlh)
* Batching
*/
-/* selected batch page is 256 Kbytes long to load ruleset of
- * half a million rules without hitting -EMSGSIZE due to large
- * iovec.
+/* Selected batch page is 2 Mbytes long to support loading a ruleset of 3.5M
+ * rules matching on source and destination address as well as input and output
+ * interfaces. This is what legacy iptables supports.
*/
-#define BATCH_PAGE_SIZE getpagesize() * 32
+#define BATCH_PAGE_SIZE 2 * 1024 * 1024
struct nftnl_batch *mnl_batch_init(void)
{
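Review bot: The new `BATCH_PAGE_SIZE` definition expands to a bare `2 * 1024 * 1024`, so any use beside an operator of equal or higher precedence (for example `len / BATCH_PAGE_SIZE` or `len % BATCH_PAGE_SIZE`) would group differently from what the name suggests. The removed definition had the same weakness, but since this line is being rewritten anyway it should read `#define BATCH_PAGE_SIZE (2 * 1024 * 1024)`. The batch page is now a fixed size rather than a multiple of `getpagesize()`, and presumably a larger allocation per page on common systems. It is therefore worth confirming that the allocation in `mnl_batch_init`, whose body continues outside this hunk, is checked for failure before the batch is used.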