This series speeds up xtables-restore calls with --noflush (typically
used to batch a few commands for faster execution) by preliminary input
inspection.

Before, setting --noflush flag would inevitably lead to full cache
population. With this series in place, if input can be fully buffered
and no commands requiring full cache are contained, no initial cache
population happens and each rule parsed will cause fetching of cache
bits as required.

The input buffer size is arbitrarily chosen to be 64KB.

Patches one and two prepare code for patch three which moves the loop
content parsing each line of input into a separate function. The
reduction of code indenting is used by patch four which deals with
needless line breaks.

Patch five deals with another requirement of input buffering, namely
stripping newline characters from each line. This is not a problem by
itself, but add_param_to_argv() replaces them by nul-chars and so
strings stop being consistently terminated (some by a single, some by
two nul-chars).

Patch six then finally adds the buffering and caching decision code.

Patch seven is pretty unrelated but tests a specific behaviour of
*tables-restore I wasn't sure of at first.

Phil Sutter (7):
  xtables-restore: Integrate restore callbacks into struct nft_xt_restore_parse
  xtables-restore: Introduce struct nft_xt_restore_state
  xtables-restore: Introduce line parsing function
  xtables-restore: Remove some pointless linebreaks
  xtables-restore: Allow lines without trailing newline character
  xtables-restore: Improve performance of --noflush operation
  tests: shell: Add ipt-restore/0007-flush-noflush_0

 iptables/nft-shared.h                         |  18 +-
 .../ipt-restore/0007-flush-noflush_0          |  42 ++
 iptables/xshared.c                            |   4 +
 iptables/xtables-restore.c                    | 443 +++++++++++-------
 iptables/xtables-translate.c                  |   6 +-
 5 files changed, 323 insertions(+), 190 deletions(-)
 create mode 100755 iptables/tests/shell/testcases/ipt-restore/0007-flush-noflush_0

--
2.23.0