On Thu, Mar 10, 2022 at 01:11:55PM +0100, Florian Westphal wrote:
> Phil Sutter <phil@xxxxxx> wrote:
> > When dumping a large ruleset, common protocol matches such as for TCP
> > port number significantly slow down rule printing due to repeated calls
> > for getprotobynumber(). The latter does not involve any caching, so
> > /etc/protocols is consulted over and over again.
> >
> > As a simple countermeasure, make functions converting between proto
> > number and name prefer the built-in list of "well-known" protocols. This
> > is not a perfect solution; repeated rules for protocol names libxtables
> > does not cache (e.g. igmp or dccp) will still be slow. Implementing
> > getprotoent() result caching could solve this.
>
> Hmm, I think we could just extend xtables_chain_protos[].

Statically, i.e. add more entries based on "usual" /etc/protocols contents,
or dynamically from getprotoent() results?

> Anyway, this looks safe to me, so
>
> Acked-by: Florian Westphal <fw@xxxxxxxxx>

Thanks!
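An added illustration (not the patch under discussion, nor libxtables code) of the two-tier lookup the thread describes: a constructed well-known table is searched first, and /etc/protocols is read once through getprotoent() into a cache instead of being rescanned by getprotobynumber() for every rule printed. The function and table names, the table's contents and the 256-entry cache are assumptions of this example.

```c
#include <netdb.h>
#include <string.h>

struct proto_entry { char name[24]; int num; };
/* Constructed well-known table (IANA numbers): a stand-in for the built-in
 * list libxtables consults first, not the real xtables_chain_protos[]. */
static const struct proto_entry well_known[] = {
	{ "tcp", 6 }, { "udp", 17 }, { "udplite", 136 }, { "sctp", 132 },
	{ "icmp", 1 }, { "icmpv6", 58 }, { "esp", 50 }, { "ah", 51 },
};
#define N_WELL_KNOWN (sizeof(well_known) / sizeof(well_known[0]))

/* Copy of /etc/protocols, filled by one getprotoent() walk on the first miss
 * instead of a file scan per call; 256 slots cover every 8-bit number once. */
static struct proto_entry cache[256];
static size_t ncache;
static int cache_loaded;

static void load_cache(void)
{
	struct protoent *pe;
	if (cache_loaded)
		return;
	cache_loaded = 1;
	setprotoent(1);
	while (ncache < 256 && (pe = getprotoent()) != NULL) {
		/* cache is static (zeroed), so the last byte stays a NUL terminator */
		strncpy(cache[ncache].name, pe->p_name, sizeof(cache[ncache].name) - 1);
		cache[ncache++].num = pe->p_proto;
	}
	endprotoent();
}

static const char *find_name(const struct proto_entry *t, size_t n, int num)
{
	for (size_t i = 0; i < n; i++)
		if (t[i].num == num)
			return t[i].name;
	return NULL;
}

/* Number -> name: built-in table first, /etc/protocols only on a miss. */
const char *proto_num_to_name(int num)
{
	const char *name = find_name(well_known, N_WELL_KNOWN, num);
	if (name)
		return name;
	load_cache();
	return find_name(cache, ncache, num);
}
```

Protocols missing from both the built-in table and /etc/protocols return NULL, which is the case the caller must still handle (e.g. by printing the number).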