diff options
author | Phil Sutter <phil@nwl.cc> | 2018-09-25 14:24:16 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-26 10:32:28 +0200 |
commit | a428f882ebb6b79ca18c4d18946cacba40b8d84f (patch) | |
tree | 218ade0d0f09875f29630a1a515f23d84982fe1c /tests/shell | |
parent | 61dc3b130c1b685ddae713ef9bede864f8bc7d33 (diff) |
tests: shell: Improve performance of 0021prio_0
This test called nft binary 391 times and took about 38s to complete on
my testing VM. Improve this by writing all commands into a temporary
file for processing in a single nft call. Reduces run-time to about 4s.
Interestingly, piping the sub-process's output directly into 'nft -f -'
leads to spurious errors (parser complaining about perfectly fine
syntax). It seems like handling large input this way is not possible.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell')
-rwxr-xr-x | tests/shell/testcases/chains/0021prio_0 | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 index b54b6fae..e7612974 100755 --- a/tests/shell/testcases/chains/0021prio_0 +++ b/tests/shell/testcases/chains/0021prio_0 @@ -32,14 +32,22 @@ gen_chains () { for i in -11 -10 0 10 11 do local offset=`format_offset $i` - local chainname=`chainname $hook $prioname $offset` - $NFT add chain $family x $chainname "{ type filter hook $hook $device priority $prioname $offset; }" + local cmd="add chain $family x" + cmd+=" `chainname $hook $prioname $offset` {" + cmd+=" type filter hook $hook $device" + cmd+=" priority $prioname $offset; }" + echo "$cmd" done } +tmpfile=$(mktemp) +trap "rm $tmpfile" EXIT + +( + for family in ip ip6 inet do - $NFT add table $family x + echo "add table $family x" for hook in prerouting input forward output postrouting do for prioname in raw mangle filter security @@ -47,24 +55,23 @@ do gen_chains $family $hook $prioname done done - gen_chains $family prerouting dstnat gen_chains $family postrouting srcnat done family=arp -$NFT add table $family x +echo "add table $family x" for hook in input output do gen_chains $family $hook filter done family=netdev -$NFT add table $family x +echo "add table $family x" gen_chains $family ingress filter lo family=bridge -$NFT add table $family x +echo "add table $family x" for hook in prerouting input forward output postrouting do gen_chains $family $hook filter @@ -72,3 +79,6 @@ done gen_chains $family prerouting dstnat gen_chains $family output out gen_chains $family postrouting srcnat + +) >$tmpfile +$NFT -f $tmpfile |