[iptables,v3,02/11] nft: Avoid nested cache fetching

Message ID 20191008161447.6595-3-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Series
  • Improve iptables-nft performance with large rulesets

Commit Message

Phil Sutter Oct. 8, 2019, 4:14 p.m. UTC
Don't call fetch_table_cache() from within fetch_chain_cache() but
instead from __nft_build_cache(). Since that is the only caller of
fetch_chain_cache(), this change should not have any effect in practice.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Pablo Neira Ayuso Oct. 9, 2019, 9:30 a.m. UTC | #1
On Tue, Oct 08, 2019 at 06:14:38PM +0200, Phil Sutter wrote:
> Don't call fetch_table_cache() from within fetch_chain_cache() but
> instead from __nft_build_cache(). Since that is the only caller of
> fetch_chain_cache(), this change should not have any effect in practice.
> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>

Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

Patch

diff --git a/iptables/nft.c b/iptables/nft.c
index bdc9fbc37f110..3228842cd3c8b 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1414,8 +1414,6 @@  static int fetch_chain_cache(struct nft_handle *h)
 	struct nlmsghdr *nlh;
 	int i, ret;
 
-	fetch_table_cache(h);
-
 	for (i = 0; i < NFT_TABLE_MAX; i++) {
 		enum nft_table_type type = h->tables[i].type;
 
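Review bot: Removing fetch_table_cache(h) from the top of fetch_chain_cache() leaves the ordering requirement undocumented: whatever the loop over h->tables[i] needs from the table cache is now an implicit precondition on the caller. The commit message states that __nft_build_cache() is the only caller today, so a one-line comment above fetch_chain_cache() saying the table cache must already be fetched would keep a future second caller from walking the tables without it.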
@@ -1592,6 +1590,7 @@  static void __nft_build_cache(struct nft_handle *h)
 
 retry:
 	mnl_genid_get(h, &genid_start);
+	fetch_table_cache(h);
 	fetch_chain_cache(h);
 	fetch_rule_cache(h);
 	h->have_cache = true;
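Review bot: The new fetch_table_cache(h) line after mnl_genid_get() must stay ahead of fetch_chain_cache(h) to keep the previous order, yet nothing at the call site says so, and h->have_cache = true is set without looking at any fetch result. A short comment such as "tables first, chains depend on them" would guard against reordering. Since fetch_chain_cache() is declared static int in the first hunk and its return value is dropped here, a follow-up could check the fetch results before marking the cache as built, so a failed fetch does not leave a partial cache flagged as valid.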