summaryrefslogtreecommitdiffstats
path: root/include/cache.h
Commit message (Collapse)AuthorAgeFilesLines
* src: move remaining cache functions in rule.c to cache.cPablo Neira Ayuso2021-03-111-2/+4
| | | | | | Move all the cache logic to src/cache.c Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add chain hashtable cachePablo Neira Ayuso2020-08-261-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | This significantly improves ruleset listing time with large rulesets (~50k rules) with _lots_ of non-base chains. # time nft list ruleset &> /dev/null Before this patch: real 0m11,172s user 0m6,810s sys 0m4,220s After this patch: real 0m4,747s user 0m0,802s sys 0m3,912s This patch also removes list_bindings from netlink_ctx since there is no need to keep a temporary list of chains anymore. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add expression handler hashtablePablo Neira Ayuso2020-08-261-0/+10
| | | | | | | netlink_parsers is actually small, but update this code to use a hashtable instead since more expressions may come in the future. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: cache gets out of sync in interactive modePablo Neira Ayuso2020-08-061-0/+1
| | | | | | | | | | | Since 94a945ffa81b ("libnftables: Get rid of explicit cache flushes"), the cache logic checks for the generation number to refresh the cache. This breaks interactive mode when listing stateful objects though. This patch adds a new flag to force a cache refresh when the user requests a ruleset listing. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* cache: add NFT_CACHE_UPDATE and NFT_CACHE_FLUSHED flagsPablo Neira Ayuso2019-07-231-0/+2
| | | | | | | | | | | | | | | | | | | NFT_CACHE_FLUSHED tells cache_update() to skip the netlink dump to populate the cache, since the existing ruleset is going to flushed by this batch. NFT_CACHE_UPDATE tells rule_evaluate() to perform incremental updates to the cache based on the existing batch, this is required by the rule commands that use the index and the position selectors. This patch removes cache_flush() which is not required anymore. This cache removal is coming too late, in the evaluation phase, after the initial cache_update() invocation. Be careful with NFT_CACHE_UPDATE, this flag needs to be left in place if NFT_CACHE_FLUSHED is set on. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* src: add cache level flagsPablo Neira Ayuso2019-06-171-0/+35
The score approach based on command type is confusing. This patch introduces cache level flags, each flag specifies what kind of object type is needed. These flags are set on/off depending on the list of commands coming in this batch. cache_is_complete() now checks if the cache contains the objects that are needed through these new flags. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>