[iptables PATCH 2/4] nft: Speed up immediate parsing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: [iptables PATCH 2/4] nft: Speed up immediate parsing
From: Phil Sutter <phil@xxxxxx>
Date: Wed, 2 Mar 2022 16:18:05 +0100
Cc: netfilter-devel@xxxxxxxxxxxxxxx
In-reply-to: <20220302151807.12185-1-phil@nwl.cc>

Parsing of rules which jump to a chain pointlessly causes a call to
xtables_find_target() despite the code already knowing the outcome.

Avoid the significant delay for rulesets with many chain jumps by
performing the (standard) target lookup only for accept/drop/return
verdicts.

References:
- [iptables PATCH 0/4] Speed up iptables-nft-save
  - From: Phil Sutter

Prev by Date: [iptables PATCH 0/4] Speed up iptables-nft-save
Next by Date: [iptables PATCH 4/4] nft: Don't pass command state opaque to family ops callbacks
Previous by thread: Re: [iptables PATCH 3/4] xshared: Prefer xtables_chain_protos lookup over getprotoent
Next by thread: [iptables PATCH 4/4] nft: Don't pass command state opaque to family ops callbacks
Index(es):
- Date
- Thread

[Index of Archives] [Netfitler Users] [Berkeley Packet Filter] [LARTC] [Bugtraq] [Yosemite Forum]

Powered by Linux