Phil Sutter <phil@xxxxxx> wrote:
> When dumping a large ruleset, common protocol matches such as for TCP
> port number significantly slow down rule printing due to repeated calls
> for getprotobynumber(). The latter does not involve any caching, so
> /etc/protocols is consulted over and over again.
>
> As a simple countermeasure, make functions converting between proto
> number and name prefer the built-in list of "well-known" protocols. This
> is not a perfect solution, repeated rules for protocol names libxtables
> does not cache (e.g. igmp or dccp) will still be slow. Implementing
> getprotoent() result caching could solve this.

Hmm, I think we could just extend xtables_chain_protos[].

Anyway, this looks safe to me, so

Acked-by: Florian Westphal <fw@xxxxxxxxx>
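
The lookup order discussed in this thread, as an added example that is not code from the patch or from libxtables: both conversion directions try a built-in list first and only fall back to the uncached netdb calls on a miss. The table contents, `proto_name()`, `proto_num()`, `dump_cost()` and the `db_lookups` counter are hypothetical names constructed for this sketch.

```c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
/* Constructed table for this example, not libxtables' own list. */
struct proto_ent { const char *name; int num; };
static const struct proto_ent well_known[] = {
    { "tcp", 6 }, { "udp", 17 }, { "icmp", 1 }, { "sctp", 132 } };
#define N_KNOWN (sizeof(well_known) / sizeof(well_known[0]))
static unsigned long db_lookups; /* times the netdb slow path ran */

/* Hypothetical helper: number -> name, built-in list first. */
const char *proto_name(int num)
{
    const struct protoent *pe;
    for (size_t i = 0; i < N_KNOWN; i++)
        if (well_known[i].num == num)
            return well_known[i].name;
    db_lookups++;                   /* uncached: consults the protocols db */
    pe = getprotobynumber(num);
    return pe ? pe->p_name : NULL;
}

/* Hypothetical helper: name -> number, built-in list first; -1 if unknown. */
int proto_num(const char *name)
{
    const struct protoent *pe;
    for (size_t i = 0; i < N_KNOWN; i++)
        if (strcmp(well_known[i].name, name) == 0)
            return well_known[i].num;
    db_lookups++;
    pe = getprotobyname(name);
    return pe ? pe->p_proto : -1;
}

/* Resolve the same protocol for `rules` rules; return slow-path hits. */
unsigned long dump_cost(int num, unsigned long rules)
{
    unsigned long before = db_lookups;
    while (rules--)
        (void)proto_name(num);
    return db_lookups - before;
}

int main(void)
{
    printf("tcp: %lu, igmp: %lu db lookups\n",
           dump_cost(6, 10000), dump_cost(2, 10000));
    return 0;
}
```

A protocol missing from the table (igmp here) still costs one database lookup per rule, which is the remaining slow case the quoted message mentions.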