[iptables,v3,02/11] nft: Avoid nested cache fetching

Message ID	20191008161447.6595-3-phil@nwl.cc
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Phil Sutter <phil@nwl.cc> To: Pablo Neira Ayuso <pablo@netfilter.org> Cc: netfilter-devel@vger.kernel.org Subject: [iptables PATCH v3 02/11] nft: Avoid nested cache fetching Date: Tue, 8 Oct 2019 18:14:38 +0200 Message-Id: <20191008161447.6595-3-phil@nwl.cc> In-Reply-To: <20191008161447.6595-1-phil@nwl.cc> References: <20191008161447.6595-1-phil@nwl.cc> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	Improve iptables-nft performance with large rulesets \| expand [iptables,v3,00/11] Improve iptables-nft performance with large rulesets [iptables,v3,01/11] nft: Pass nft_handle to flush_cache() [iptables,v3,02/11] nft: Avoid nested cache fetching [iptables,v3,03/11] nft: Extract cache routines into nft-cache.c [iptables,v3,04/11] nft-cache: Introduce cache levels [iptables,v3,05/11] nft-cache: Fetch only chains in nft_chain_list_get() [iptables,v3,06/11] nft-cache: Cover for multiple fetcher invocation [iptables,v3,07/11] nft-cache: Support partial cache per table [iptables,v3,08/11] nft-cache: Support partial rule cache per chain [iptables,v3,09/11] nft: Reduce cache overhead of nft_chain_builtin_init() [iptables,v3,10/11] nft: Support nft_is_table_compatible() per chain [iptables,v3,11/11] nft: Optimize flushing all chains of a table

Message ID

20191008161447.6595-3-phil@nwl.cc

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH v3 02/11] nft: Avoid nested cache fetching
Date: Tue,  8 Oct 2019 18:14:38 +0200
Message-Id: <20191008161447.6595-3-phil@nwl.cc>
In-Reply-To: <20191008161447.6595-1-phil@nwl.cc>
References: <20191008161447.6595-1-phil@nwl.cc>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

Improve iptables-nft performance with large rulesets | expand

Commit Message

Phil Sutter Oct. 8, 2019, 4:14 p.m. UTC

Don't call fetch_table_cache() from within fetch_chain_cache() but
instead from __nft_build_cache(). Since that is the only caller of
fetch_chain_cache(), this change should not have any effect in practice.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Pablo Neira Ayuso Oct. 9, 2019, 9:30 a.m. UTC | #1

On Tue, Oct 08, 2019 at 06:14:38PM +0200, Phil Sutter wrote:
> Don't call fetch_table_cache() from within fetch_chain_cache() but
> instead from __nft_build_cache(). Since that is the only caller of
> fetch_chain_cache(), this change should not have any effect in practice.
> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>

Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index bdc9fbc37f110..3228842cd3c8b 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1414,8 +1414,6 @@  static int fetch_chain_cache(struct nft_handle *h)
 	struct nlmsghdr *nlh;
 	int i, ret;
 
-	fetch_table_cache(h);
-
 	for (i = 0; i < NFT_TABLE_MAX; i++) {
 		enum nft_table_type type = h->tables[i].type;
 
@@ -1592,6 +1590,7 @@  static void __nft_build_cache(struct nft_handle *h)
 
 retry:
 	mnl_genid_get(h, &genid_start);
+	fetch_table_cache(h);
 	fetch_chain_cache(h);
 	fetch_rule_cache(h);
 	h->have_cache = true;

[iptables,v3,02/11] nft: Avoid nested cache fetching

Commit Message

Comments

Patch