Hi Phil,

On Thu, Nov 24, 2022 at 05:56:38PM +0100, Phil Sutter wrote:
> There is no point in spending efforts setting up the xt match/target
> when it is not printed afterwards. So just store the statement data from
> libnftnl in struct xt_stmt and perform the extension lookup from
> xt_stmt_xlate() instead.

There is nft -i and nft monitor which keep a ruleset cache. Both are
sort of incomplete: nft -i resorts to cleaning up the cache based on
the generation number and nft monitor still needs to be updated to
keep track of incremental ruleset updates via netlink events. Sooner
or later these two will get better support for incremental ruleset
updates.

I mean, in those two cases, every call to print the translation will
trigger the allocation of the xt structures, fill them and then call
.xlate.

I agree it is a bit more work, I guess this won't cause any noticeable
penalty, but it might be work that needs to be done over and over
again when the ruleset uses xt match / target.