Re: [PATCH nftables,v2 0/7] ruleset optimization infrastructure

Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx> · Mon, 3 Jan 2022 14:33:30 +0100



Le 02/01/2022 à 23:14, Pablo Neira Ayuso a écrit :
> Hi,
> 
> This patchset adds a new -o/--optimize option to enable ruleset
> optimization. Two type of optimizations are supported in this batch:
> 
> * Use a set to compact several rules with the same selector using a set,
>   for example:
> 
>       meta iifname eth1 ip saddr 1.1.1.1 ip daddr 2.2.2.3 accept
>       meta iifname eth1 ip saddr 1.1.1.2 ip daddr 2.2.2.5 accept
>       meta iifname eth2 ip saddr 1.1.1.3 ip daddr 2.2.2.6 accept
> 
>    into:
> 
>       meta iifname . ip saddr . ip daddr { eth1 . 1.1.1.1 . 2.2.2.6, eth1 . 1.1.1.2 . 2.2.2.5 , eth1 . 1.1.1.3 . 2.2.2.6 } accept
nit: it would probably be better with this result ;-)
meta iifname . ip saddr . ip daddr { eth1 . 1.1.1.1 . 2.2.2.3, eth1 . 1.1.1.2 .
2.2.2.5 , eth2 . 1.1.1.3 . 2.2.2.6 } accept


Regards,
Nicolas