Mikhail Morfikov <mmorfikov@xxxxxxxxx> wrote:
> On 06/01/2019 23:05, Florian Westphal wrote:
> > Unfortunately not, right now nft dumps everything and filters in
> > userspace. We need to propagate "table name" to the cache init
> > function, but maybe more changes are needed to make this work
> > (caching infra is tricky).
> >
> > This patch is a starting point, but it doesn't work correctly
> > with libnftables/interactive mode (nft -i):
> >
>
> I just tested the patch, and it's way better now:
>
> # time nft list ruleset > /dev/null
> nft list ruleset > /dev/null 1.39s user 3.86s system 97% cpu 5.413 total
>
> # time nft list table ip raw-set > /dev/null
> nft list table ip raw-set > /dev/null 1.39s user 4.10s system 98% cpu 5.573 total
>
> # time nft list table inet raw > /dev/null
> nft list table inet raw > /dev/null 0.00s user 0.00s system 81% cpu 0.008 total
>
> It's nice.

Thanks. It has to be reworked a bit so we handle interactive mode
correctly; once I think it's good I will make a formal patch submission.

> Maybe there is a way to add some other patch and introduce an
> option to hide sets' IPs? I think it would be a good idea.
> Many people would appreciate this kind of output, especially
> when you deal with huge lists of IPs.

Agree, it makes sense.