diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-04 12:02:18 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-06 11:16:25 +0200 |
| commit | 7df42800cf89e994b5179200825592d9b95c5fab (patch) | |
| tree | 7e43c4623433a7b4ce1ca80da7d0d204ceca31e9 /src/mnl.c | |
| parent | 89bae935180a50f4ea827f5facc41459557380ef (diff) | |
src: single cache_update() call to build cache before evaluation
This patch allows us to make one single cache_update() call. Thus, there
is not need to rebuild an incomplete cache from the middle of the batch
processing.
Note that nft_run_cmd_from_filename() does not need a full netlink dump
to build the cache anymore, this should speed nft -f with incremental
updates and very large rulesets.
cache_evaluate() calculates the netlink dump to populate the cache that
this batch needs.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/mnl.c')
| -rw-r--r-- | src/mnl.c | 8 |
1 files changed, 1 insertions, 7 deletions
@@ -394,15 +394,9 @@ int mnl_nft_rule_replace(struct netlink_ctx *ctx, const struct cmd *cmd) unsigned int flags = 0; struct nftnl_rule *nlr; struct nlmsghdr *nlh; - int err; - - if (nft_output_echo(&ctx->nft->output)) { - err = cache_update(ctx->nft, CMD_INVALID, ctx->msgs); - if (err < 0) - return err; + if (nft_output_echo(&ctx->nft->output)) flags |= NLM_F_ECHO; - } nlr = nftnl_rule_alloc(); if (!nlr) |