Comparing performance of various commands with equivalent iptables ones I noticed that nftables fetches data from kernel it doesn't need in some cases. For instance, listing one table was slowed down by a large other table. Since there is already code to filter data added to cache, make use of that and craft GET requests to kernel a bit further so it returns only what is needed. This series is not entirely complete, e.g. objects are still fetched as before. It rather converts some low hanging fruits. Phil Sutter (5): cache: Filter tables on kernel side cache: Filter rule list on kernel side cache: Filter chain list on kernel side cache: Filter set list on server side cache: Support filtering for a specific flowtable include/cache.h | 1 + include/mnl.h | 14 +- include/netlink.h | 3 +- src/cache.c | 188 ++++++++++-------- src/mnl.c | 91 +++++++-- src/netlink.c | 15 +- tests/shell/testcases/listing/0020flowtable_0 | 51 ++++- 7 files changed, 247 insertions(+), 116 deletions(-) -- 2.33.0
