From 7df42800cf89e994b5179200825592d9b95c5fab Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 4 Jun 2019 12:02:18 +0200
Subject: src: single cache_update() call to build cache before evaluation

This patch allows us to make one single cache_update() call. Thus, there is not need to rebuild an incomplete cache from the middle of the batch processing. Note that nft_run_cmd_from_filename() does not need a full netlink dump to build the cache anymore, this should speed nft -f with incremental updates and very large rulesets. cache_evaluate() calculates the netlink dump to populate the cache that this batch needs.

Signed-off-by: Pablo Neira Ayuso
---
 src/libnftables.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'src/libnftables.c')

diff --git a/src/libnftables.c b/src/libnftables.c
index f459ecd5..4bb770c0 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -381,8 +381,13 @@ static int nft_parse_bison_filename(struct nft_ctx *nft, const char *filename,
 static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
 struct list_head *cmds)
 {
+ unsigned int completeness;
 struct cmd *cmd;
 
+ completeness = cache_evaluate(nft, cmds);
+ if (cache_update(nft, completeness, msgs) < 0)
+ return -1;
+
 list_for_each_entry(cmd, cmds, list) {
 struct eval_ctx ectx = {
 .nft = nft,
@@ -454,10 +459,6 @@ int nft_run_cmd_from_filename(struct nft_ctx *nft, const char *filename)
 LIST_HEAD(msgs);
 LIST_HEAD(cmds);
 
- rc = cache_update(nft, CMD_INVALID, &msgs);
- if (rc < 0)
- return -1;
-
 if (!strcmp(filename, "-"))
 filename = "/dev/stdin";
 
--
cgit v1.2.3
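Review bot: The new `cache_evaluate()` / `cache_update()` pair at the top of `nft_evaluate()` becomes the single point where the cache is populated for the whole batch, but nothing at the call site records that the evaluation loop below relies on `completeness` covering every object the commands look up. If `cache_evaluate()` under-estimates for some command type, the loop would presumably evaluate against a partial cache instead of failing loudly, which matters for a ruleset loader. I would add a comment above the call, e.g. `/* Populate the cache once for the whole batch; cache_evaluate() must return the highest completeness any cmd in cmds needs. */`. The body of `nft_evaluate()` continues past the end of the hunk, so how the loop consumes the cache is not visible here.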