[iptables PATCH 08/18] nft: cache: Fetch only interesting tables from kernel

Phil Sutter <phil@xxxxxx> · Sat, 11 Jul 2020 12:18:21 +0200

Use the builtin_table array nft_handle->tables points at to gather a
list of table names the calling tool is interested in and fetch only
those instead of requesting a dump of all tables. This increases caching
overhead due to the individual sendmsg() calls but leads to a table list
in defined ordering.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-cache.c | 40 ++++++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 059f0a7f7891e..f8bb2d09c6434 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -133,7 +133,8 @@ static int fetch_table_cache(struct nft_handle *h)
 	char buf[16536];
 	struct nlmsghdr *nlh;
 	struct nftnl_table_list *list;
-	int i, ret;
+	struct nftnl_table *t;
+	int i, rc, ret = 1;
 
 	if (h->cache->tables)
 		return 0;
@@ -142,14 +143,9 @@ static int fetch_table_cache(struct nft_handle *h)
 	if (list == NULL)
 		return 0;
 
-	nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE, h->family,
-					NLM_F_DUMP, h->seq);
-
-	ret = mnl_talk(h, nlh, nftnl_table_list_cb, list);
-	if (ret < 0 && errno == EINTR)
-		assert(nft_restart(h) >= 0);
-
-	h->cache->tables = list;
+	t = nftnl_table_alloc();
+	if (t == NULL)
+		return 0;
 
 	for (i = 0; i < NFT_TABLE_MAX; i++) {
 		enum nft_table_type type = h->tables[i].type;
@@ -157,16 +153,32 @@ static int fetch_table_cache(struct nft_handle *h)
 		if (!h->tables[i].name)
 			continue;
 
+		nlh = nftnl_rule_nlmsg_build_hdr(buf, NFT_MSG_GETTABLE,
+						 h->family, NLM_F_ACK, h->seq);
+		nftnl_table_set_str(t, NFTNL_TABLE_NAME, h->tables[i].name);
+		nftnl_table_nlmsg_build_payload(nlh, t);
+
+		rc = mnl_talk(h, nlh, nftnl_table_list_cb, list);
+		if (rc < 0 && errno == EINTR)
+			assert(nft_restart(h) >= 0);
+
 		h->cache->table[type].chains = nftnl_chain_list_alloc();
-		if (!h->cache->table[type].chains)
-			return 0;
+		if (!h->cache->table[type].chains) {
+			ret = 0;
+			break;
+		}
 
 		h->cache->table[type].sets = nftnl_set_list_alloc();
-		if (!h->cache->table[type].sets)
-			return 0;
+		if (!h->cache->table[type].sets) {
+			ret = 0;
+			break;
+		}
 	}
 
-	return 1;
+	if (ret == 1)
+		h->cache->tables = list;
+	nftnl_table_free(t);
+	return ret;
 }
 
 struct nftnl_chain_list_cb_data {
-- 
2.27.0







