From a37212f2fd90739e17f3dbb96ea6284d7755bf5f Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 29 Nov 2021 15:28:33 +0100 Subject: cache: Filter tables on kernel side Instead of requesting a dump of all tables and filtering the data in user space, construct a non-dump request if filter contains a table so kernel returns only that single table. This should improve nft performance in rulesets with many tables present. Signed-off-by: Phil Sutter --- src/netlink.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/netlink.c') diff --git a/src/netlink.c b/src/netlink.c index ab90d0c0..f74c0383 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -664,11 +664,19 @@ static int list_table_cb(struct nftnl_table *nlt, void *arg) return 0; } -int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h) +int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h, + const struct nft_cache_filter *filter) { struct nftnl_table_list *table_cache; + uint32_t family = h->family; + const char *table = NULL; - table_cache = mnl_nft_table_dump(ctx, h->family); + if (filter) { + family = filter->list.family; + table = filter->list.table; + } + + table_cache = mnl_nft_table_dump(ctx, family, table); if (table_cache == NULL) { if (errno == EINTR) return -1; -- cgit v1.2.3