diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-04 12:53:11 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-08 10:59:02 +0100 |
| commit | b4b234f5a29e819045679acd95820a7457d4d7de (patch) | |
| tree | ccd5f16cc03b65d07922ada2fc2bf105aabeed2e /src/netlink.c | |
| parent | a6cc0106ac8c986030ae4d625782c6f48cea7d64 (diff) | |
mnl: do not build nftnl_set element list
Do not call alloc_setelem_cache() to build the set element list in
nftnl_set. Instead, translate one single set element expression to
nftnl_set_elem object at a time and use this object to build the netlink
header.
Using a huge test set containing 1.1 million element blocklist, this
patch is reducing userspace memory consumption by 40%.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
| -rw-r--r-- | src/netlink.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/netlink.c b/src/netlink.c index 28a5514a..f63f2bd1 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -100,8 +100,8 @@ struct nftnl_expr *alloc_nft_expr(const char *name) void __netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data, bool expand); -static struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set, - const struct expr *expr) +struct nftnl_set_elem *alloc_nftnl_setelem(const struct expr *set, + const struct expr *expr) { const struct expr *elem, *data; struct nftnl_set_elem *nlse; |