diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-04 12:02:18 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-06-06 11:16:25 +0200 |
commit | 7df42800cf89e994b5179200825592d9b95c5fab (patch) | |
tree | 7e43c4623433a7b4ce1ca80da7d0d204ceca31e9 /src/rule.c | |
parent | 89bae935180a50f4ea827f5facc41459557380ef (diff) |
src: single cache_update() call to build cache before evaluation
This patch allows us to make one single cache_update() call. Thus, there
is not need to rebuild an incomplete cache from the middle of the batch
processing.
Note that nft_run_cmd_from_filename() does not need a full netlink dump
to build the cache anymore, this should speed nft -f with incremental
updates and very large rulesets.
cache_evaluate() calculates the netlink dump to populate the cache that
this batch needs.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 18 |
1 files changed, 2 insertions, 16 deletions
@@ -1501,15 +1501,8 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl) { uint32_t flags = excl ? NLM_F_EXCL : 0; - if (nft_output_echo(&ctx->nft->output)) { - int ret; - - ret = cache_update(ctx->nft, cmd->obj, ctx->msgs); - if (ret < 0) - return ret; - + if (nft_output_echo(&ctx->nft->output)) flags |= NLM_F_ECHO; - } switch (cmd->obj) { case CMD_OBJ_TABLE: @@ -1552,15 +1545,8 @@ static int do_command_insert(struct netlink_ctx *ctx, struct cmd *cmd) { uint32_t flags = 0; - if (nft_output_echo(&ctx->nft->output)) { - int ret; - - ret = cache_update(ctx->nft, cmd->obj, ctx->msgs); - if (ret < 0) - return ret; - + if (nft_output_echo(&ctx->nft->output)) flags |= NLM_F_ECHO; - } switch (cmd->obj) { case CMD_OBJ_RULE: |