From patchwork Tue Sep 25 12:24:16 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 974371 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42KKyP0mzzz9s47 for ; Tue, 25 Sep 2018 22:24:45 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728960AbeIYScC (ORCPT ); Tue, 25 Sep 2018 14:32:02 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:44556 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728738AbeIYScC (ORCPT ); Tue, 25 Sep 2018 14:32:02 -0400 Received: from localhost ([::1]:52090 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.90_1) (envelope-from ) id 1g4mOQ-0007Fz-Eg; Tue, 25 Sep 2018 14:24:42 +0200 From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [nft PATCH 5/5] tests: shell: Improve performance of 0021prio_0 Date: Tue, 25 Sep 2018 14:24:16 +0200 Message-Id: <20180925122416.15224-6-phil@nwl.cc> X-Mailer: git-send-email 2.19.0 In-Reply-To: <20180925122416.15224-1-phil@nwl.cc> References: <20180925122416.15224-1-phil@nwl.cc> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This test called nft binary 391 times and took about 38s to complete on my testing VM. Improve this by writing all commands into a temporary file for processing in a single nft call. Reduces run-time to about 4s. Interestingly, piping the sub-process's output directly into 'nft -f -' leads to spurious errors (parser complaining about perfectly fine syntax). It seems like handling large input this way is not possible. Signed-off-by: Phil Sutter --- tests/shell/testcases/chains/0021prio_0 | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0 index b54b6fae32c63..e761297492baf 100755 --- a/tests/shell/testcases/chains/0021prio_0 +++ b/tests/shell/testcases/chains/0021prio_0 @@ -32,14 +32,22 @@ gen_chains () { for i in -11 -10 0 10 11 do local offset=`format_offset $i` - local chainname=`chainname $hook $prioname $offset` - $NFT add chain $family x $chainname "{ type filter hook $hook $device priority $prioname $offset; }" + local cmd="add chain $family x" + cmd+=" `chainname $hook $prioname $offset` {" + cmd+=" type filter hook $hook $device" + cmd+=" priority $prioname $offset; }" + echo "$cmd" done } +tmpfile=$(mktemp) +trap "rm $tmpfile" EXIT + +( + for family in ip ip6 inet do - $NFT add table $family x + echo "add table $family x" for hook in prerouting input forward output postrouting do for prioname in raw mangle filter security @@ -47,24 +55,23 @@ do gen_chains $family $hook $prioname done done - gen_chains $family prerouting dstnat gen_chains $family postrouting srcnat done family=arp -$NFT add table $family x +echo "add table $family x" for hook in input output do gen_chains $family $hook filter done family=netdev -$NFT add table $family x +echo "add table $family x" gen_chains $family ingress filter lo family=bridge -$NFT add table $family x +echo "add table $family x" for hook in prerouting input forward output postrouting do gen_chains $family $hook filter @@ -72,3 +79,6 @@ done gen_chains $family prerouting dstnat gen_chains $family output out gen_chains $family postrouting srcnat + +) >$tmpfile +$NFT -f $tmpfile