On 11.04, Pablo Neira Ayuso wrote: > From: Pablo Neira <pablo@xxxxxxxxxxxxx> > > nftables used to have a cache to speed up interface name <-> index lookup, > restore it using libmnl. > > This reduces netlink traffic since if_nametoindex() and if_indextoname() open, > send a request, receive the list of interface and close a netlink socket for > each call. I think this is also good for consistency since nft -f will operate > with the same index number when reloading the ruleset. > > For the interactive mode, we fall back on if_nametoindex() and if_indextoname() > to make sure that we always get fresh interface name to index mappings. > > Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> > --- > v3: Fall back to if_nametoindex() and if_indextoname() in interactive mode. That seems like a good way. One more suggestions - how about only doing a cache fill on the first invocation? That way we can avoid it in many cases, f.i. set listings, some times for rulesets as well, flushing, ... -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
