Hi, This is another round of the patchset to consolidate the nft cache: http://marc.info/?l=netfilter-devel&m=143620630223923&w=2 The idea consists of creating a cache of tables that is populated with chains, rules, sets and elements. The major change in this round is the fact that the cache is built later on from the evaluation step where we have more context on what is going on. At that stage, we know if this is a listing, in that case nft populates a full blown cache. Otherwise, it only retrieves the table and set objects which is the bare minimum that we require at this stage (at least by now). With the previous patchset, with inconditional full blown cache retrieval, I noticed a slowdown when working with large rulesets, so this new round patchset round addresses this. In the interactive mode, this cache is refreshed for every command to make sure that we work with a ruleset that is current. We can avoid this by checking for the generation counter, but will be looking into how to speed up this with follow up patches when this is in master. Comments welcome. Thanks. Pablo Neira Ayuso (14): src: add cache infrastructure and use it for table objects src: add cmd_evaluate_list() rule: add reference counter to the table object src: add table declaration to cache src: use cache infrastructure for set objects src: add set declaration to cache src: early allocation of the set ID rule: add chain reference counter src: use cache infrastructure for chain objects evaluate: add cmd_evaluate_rename() src: add chain declarations to cache src: use cache infrastructure for rule objects src: use cache infrastructure for set element objects src: get rid of EINTR handling for nft_netlink() include/rule.h | 9 ++ src/cli.c | 1 + src/evaluate.c | 146 +++++++++++++++++------- src/main.c | 7 +- src/netlink.c | 4 - src/rule.c | 337 ++++++++++++++++++++++++++++++++------------------------ 6 files changed, 310 insertions(+), 194 deletions(-) -- 1.7.10.4 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
