[nftables] netlink: use build_id to lower message size

Message ID 1380755793-18011-1-git-send-email-eric@regit.org
State Not Applicable

Commit Message

Eric Leblond Oct. 2, 2013, 11:16 p.m. UTC
This patch makes use of the new nft_rule_nlmsg_build_id function
from libnftables for the delete operation. This lowers the size
of the netlink message sent to the kernel when flushing the rules.

Signed-off-by: Eric Leblond <eric@regit.org>
---
 src/mnl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Pablo Neira Ayuso Oct. 3, 2013, 4:25 p.m. UTC | #1
On Thu, Oct 03, 2013 at 01:16:33AM +0200, Eric Leblond wrote:
> This patch makes use of the new nft_rule_nlmsg_build_id function
> from libnftables for the delete operation. This lowers the size
> of the netlink message sent to the kernel when flushing the rules.

I think we can simplify the flush operation with a small change in
nf_tables_delrule. The idea is to delete all rules if no chain is
specified.

The current approach is pretty time consuming, as we have to fetch the
ruleset from the kernel, iterate over it and build the message to
delete them.

Would you send me patches to follow this approach?

Patch

diff --git a/src/mnl.c b/src/mnl.c
index 27b181a..3c07156 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -292,7 +292,7 @@  int mnl_nft_rule_batch_del(struct nft_rule *nlr, unsigned int flags,
 			nft_rule_attr_get_u32(nlr, NFT_RULE_ATTR_FAMILY),
 			NLM_F_ACK, seqnum);
 
-	nft_rule_nlmsg_build_payload(nlh, nlr);
+	nft_rule_nlmsg_build_id(nlh, nlr);
 
 	if (!mnl_nlmsg_batch_next(batch))
 		mnl_batch_page_add();
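
Review bot: the replacement call `nft_rule_nlmsg_build_id(nlh, nlr);` in mnl_nft_rule_batch_del relies on a function the commit message describes as new in libnftables, yet the diffstat shows only src/mnl.c changing, so nothing records which libnftables version is now required. Please state the minimum library version in the commit message or add a configure-time check for the symbol, so a build against an older libnftables fails with a clear message rather than an undefined reference. A one-line comment above the call explaining that the delete request is built from the rule's identifying attributes rather than its full payload would also help, since the reason for the swap is only in the commit message.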