[iptables,v2,00/14] Separate rule cache per chain et al.

Message ID	20181213111607.5457-1-phil@nwl.cc
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: Pablo Neira Ayuso <pablo@netfilter.org> Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH v2 00/14] Separate rule cache per chain et al. Date: Thu, 13 Dec 2018 12:15:53 +0100 Message-Id: <20181213111607.5457-1-phil@nwl.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	Separate rule cache per chain et al. \| expand [iptables,v2,00/14] Separate rule cache per chain et al. [iptables,v2,01/14] xtables: Review unclear return points [iptables,v2,02/14] xtables-restore: Review chain handling [iptables,v2,03/14] xtables: Implement per chain rule cache [iptables,v2,04/14] nft: Simplify nftnl_rule_list_chain_save() [iptables,v2,05/14] xtables: Drop nft_chain_list_find() [iptables,v2,06/14] xtables: Optimize flushing a specific chain [iptables,v2,07/14] xtables: Optimize nft_chain_zero_counters() [iptables,v2,08/14] tests: Extend verbose output and return code tests [iptables,v2,09/14] xtables: Optimize nft_chain_user_del() [iptables,v2,10/14] xtables: Optimize nft_rule_list() [iptables,v2,11/14] xtables: Optimize nft_rule_list_save() [iptables,v2,12/14] xtables: Make use of nftnl_rule_lookup_byindex() [iptables,v2,13/14] xtables: Fix for inserting rule at wrong position [iptables,v2,14/14] xtables: Do not change ruleset while listing

Message ID

20181213111607.5457-1-phil@nwl.cc

Headers

From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH v2 00/14] Separate rule cache per chain et al.
Date: Thu, 13 Dec 2018 12:15:53 +0100
Message-Id: <20181213111607.5457-1-phil@nwl.cc>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

Separate rule cache per chain et al. | expand

Message

Phil Sutter Dec. 13, 2018, 11:15 a.m. UTC

This series mostly implements separate rule caches in each chain (in
patch 3) and fixes wrong ordering of rules when restoring dumps
containing insert commands (in patch 13) which requires the per chain
rule cache. Remaining patches are more or less related.

Changes since v1:
- Fetch rule cache only if required (patch 3).
- Remaining patches unchanged (apart from being reapplied onto changed
  patch 3).

Phil Sutter (14):
  xtables: Review unclear return points
  xtables-restore: Review chain handling
  xtables: Implement per chain rule cache
  nft: Simplify nftnl_rule_list_chain_save()
  xtables: Drop nft_chain_list_find()
  xtables: Optimize flushing a specific chain
  xtables: Optimize nft_chain_zero_counters()
  tests: Extend verbose output and return code tests
  xtables: Optimize nft_chain_user_del()
  xtables: Optimize nft_rule_list()
  xtables: Optimize nft_rule_list_save()
  xtables: Make use of nftnl_rule_lookup_byindex()
  xtables: Fix for inserting rule at wrong position
  xtables: Do not change ruleset while listing

 iptables/nft-shared.h                         |    2 -
 iptables/nft.c                                | 1193 ++++++++---------
 iptables/nft.h                                |    7 +-
 .../ipt-restore/0003-restore-ordering_0       |   94 ++
 .../testcases/iptables/0002-verbose-output_0  |   13 +-
 .../testcases/iptables/0004-return-codes_0    |    6 +
 .../testcases/iptables/0005-rule-replace_0    |   38 +
 iptables/xtables-arp.c                        |    1 +
 iptables/xtables-eb.c                         |    1 +
 iptables/xtables-restore.c                    |   73 +-
 iptables/xtables-save.c                       |    6 +-
 iptables/xtables.c                            |    4 +
 12 files changed, 749 insertions(+), 689 deletions(-)
 create mode 100755 iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0
 create mode 100755 iptables/tests/shell/testcases/iptables/0005-rule-replace_0