On 11.04, Pablo Neira Ayuso wrote:
> From: Pablo Neira <pablo@xxxxxxxxxxxxx>
>
> nftables used to have a cache to speed up interface name <-> index lookup,
> restore it using libmnl.
>
> This reduces netlink traffic since if_nametoindex() and if_indextoname() open,
> send a request, receive the list of interface and close a netlink socket for
> each call. I think this is also good for consistency since nft -f will operate
> with the same index number when reloading the ruleset.
>
> In the interactive mode, the first call to nft_if_nametoindex() and
> nft_if_indextoname() updates the cache, then follow up calls will use what they
> find in the cache. By when the command is complete, the cache is invalidated.

Not sure if this is based on my suggestion. It makes sense of course, but
what I meant was:

> +unsigned int nft_if_nametoindex(const char *name)
> +{
> + struct iface *iface;
> +
> + if (interactive && !iface_cache_init)
> + iface_cache_update();

To only update the cache if it is actually needed, so update here always
if !iface_cache_init (independent of interactive) and remove the unconditional
update from main(). Basically the only difference would be that non-interactive
mode does no invalidation.

There are many cases where interfaces are not used, like listing rules
without ifindex use, anything related to sets, chains, ..., so we can avoid
filling the cache if it is not needed.

Besides that looks very good.
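
Review bot: the result of iface_cache_update() is not checked in the quoted lines of nft_if_nametoindex(), so if the update can fail, the lookup that follows runs against an empty or partial cache and a missing entry cannot be told apart from a failed dump. It would help to either have the function report failure and return 0 here, as if_nametoindex() does for an unknown name, or document that iface_cache_init is only set once the cache is fully populated. Separately, the guard `interactive && !iface_cache_init` makes this function depend on some earlier fill whenever interactive is false; testing only `!iface_cache_init` would make the lookup self-sufficient in both modes.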