Patchwork [nftables] netlink: use build_id to lower message size

Submitter Eric Leblond
Date Oct. 2, 2013, 11:16 p.m.
Message ID <1380755793-18011-1-git-send-email-eric@regit.org>
Permalink /patch/280192/
State Not Applicable

Comments

Eric Leblond - Oct. 2, 2013, 11:16 p.m.
This patch makes use of the new nft_rule_nlmsg_build_id function
from libnftables for the delete operation. This lowers the size
of the netlink message sent to kernel when flushing the rules.

Signed-off-by: Eric Leblond <eric@regit.org>
---
 src/mnl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Pablo Neira - Oct. 3, 2013, 4:25 p.m.
On Thu, Oct 03, 2013 at 01:16:33AM +0200, Eric Leblond wrote:
> This patch makes use of the new nft_rule_nlmsg_build_id function
> from libnftables for the delete operation. This lowers the size
> of the netlink message sent to kernel when flushing the rules.

I think we can simplify the flush operation with a small change in
nf_tables_delrule. The idea is to delete all rules if no chain is
specified.

The current approach is pretty time consuming, as we have to fetch the
ruleset from the kernel, iterate over it and build the message to
delete them.

Would you send me patches to follow this approach?

Patch

diff --git a/src/mnl.c b/src/mnl.c
index 27b181a..3c07156 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -292,7 +292,7 @@  int mnl_nft_rule_batch_del(struct nft_rule *nlr, unsigned int flags,
 			nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY),
 			NLM_F_ACK, seqnum);
 
-	nft_rule_nlmsg_build_payload(nlh, nlr);
+	nft_rule_nlmsg_build_id(nlh, nlr);
 
 	if (!mnl_nlmsg_batch_next(batch))
 		mnl_batch_page_add();
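Review bot: the one-line swap from nft_rule_nlmsg_build_payload to nft_rule_nlmsg_build_id in mnl_nft_rule_batch_del is undocumented in the code itself; since this function is the delete path for a batch, add a short comment above the call explaining that a delete only needs the attributes that identify the rule, so the full payload (the expression list) is intentionally omitted to keep the netlink message small, as the commit message states. Also consider stating in the commit message what happens when the struct nft_rule passed in lacks the identifying attributes, since with the full payload gone those are now the only thing the kernel receives for the delete.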