Hi Phil,

On Wed, Dec 01, 2021 at 04:02:53PM +0100, Phil Sutter wrote:
> Comparing performance of various commands with equivalent iptables ones
> I noticed that nftables fetches data from kernel it doesn't need in some
> cases. For instance, listing one table was slowed down by a large other
> table.
>
> Since there is already code to filter data added to cache, make use of
> that and craft GET requests to kernel a bit further so it returns only
> what is needed.

Using netlink to filter from kernel space is the optimal solution.

> This series is not entirely complete, e.g. objects are still fetched as
> before. It rather converts some low hanging fruits.

Only one thing: It would be good to test this on older kernels, because IIRC some of the GET requests during the development, I would suggest to give it a test with -stable kernels. Probably all of the needed GET commands are already present there.

In the nftables 1.0.1 release process, I tested it with 4.9.x and tests were running fine, the error reports were coming from missing features.

Thanks.