diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-04-02 20:26:15 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-04-03 19:41:02 +0200 |
commit | df48e56e987f84bb32ea53dfe98569dfe3fb7e37 (patch) | |
tree | 945f098ec9d185504435f31cfe792b734e1efd0b /src/netlink.c | |
parent | 6b7b7d5d219dca4465390f4a69096383d17782d3 (diff) |
cache: add hashtable cache for sets
This patch adds a hashtable for set lookups.
This patch also splits table->sets in two:
- Sets that reside in the cache are stored in the new
tables->cache_set and tables->cache_set_ht.
- Set that defined via command line / ruleset file reside in
tables->set.
Sets in the cache (already in the kernel) are not placed in the
table->sets list.
By keeping separated lists, sets defined via command line / ruleset file
can be added to cache.
Adding 10000 sets, before:
# time nft -f x
real 0m6,415s
user 0m3,126s
sys 0m3,284s
After:
# time nft -f x
real 0m3,949s
user 0m0,743s
sys 0m3,205s
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/src/netlink.c b/src/netlink.c index 89d224ed..e8b01609 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -974,37 +974,6 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx, return set; } -static int list_set_cb(struct nftnl_set *nls, void *arg) -{ - struct netlink_ctx *ctx = arg; - struct set *set; - - set = netlink_delinearize_set(ctx, nls); - if (set == NULL) - return -1; - list_add_tail(&set->list, &ctx->list); - return 0; -} - -int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h) -{ - struct nftnl_set_list *set_cache; - int err; - - set_cache = mnl_nft_set_dump(ctx, h->family, h->table.name); - if (set_cache == NULL) { - if (errno == EINTR) - return -1; - - return 0; - } - - ctx->data = h; - err = nftnl_set_list_foreach(set_cache, list_set_cb, ctx); - nftnl_set_list_free(set_cache); - return err; -} - void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls) { struct nftnl_set_elem *nlse; |