From a37212f2fd90739e17f3dbb96ea6284d7755bf5f Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 29 Nov 2021 15:28:33 +0100 Subject: cache: Filter tables on kernel side Instead of requesting a dump of all tables and filtering the data in user space, construct a non-dump request if filter contains a table so kernel returns only that single table. This should improve nft performance in rulesets with many tables present. Signed-off-by: Phil Sutter --- include/mnl.h | 2 +- include/netlink.h | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/mnl.h b/include/mnl.h index 68ec80cd..344030f3 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -50,7 +50,7 @@ int mnl_nft_table_add(struct netlink_ctx *ctx, struct cmd *cmd, int mnl_nft_table_del(struct netlink_ctx *ctx, struct cmd *cmd); struct nftnl_table_list *mnl_nft_table_dump(struct netlink_ctx *ctx, - int family); + int family, const char *table); int mnl_nft_set_add(struct netlink_ctx *ctx, struct cmd *cmd, unsigned int flags); diff --git a/include/netlink.h b/include/netlink.h index a692edcd..0e439061 100644 --- a/include/netlink.h +++ b/include/netlink.h @@ -135,7 +135,8 @@ extern int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h); extern struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx, const struct nftnl_chain *nlc); -extern int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h); +extern int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, + const struct nft_cache_filter *filter); extern struct table *netlink_delinearize_table(struct netlink_ctx *ctx, const struct nftnl_table *nlt); -- cgit v1.2.3