* [PATCH nft 1/2] mnl: larger receive socket buffer for netlink errors
@ 2020-09-14 10:09 Pablo Neira Ayuso
  2020-09-14 10:09 ` [PATCH nft 2/2] libnftables: avoid repeated command list traversal on errors Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Pablo Neira Ayuso @ 2020-09-14 10:09 UTC (permalink / raw)
  To: netfilter-devel

Assume each error in the batch will result in a 1k notification for the
case where the echo flag is not set, as described in 860671662d3f ("mnl:
fix --echo buffer size again").

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/mnl.c | 21 +++++----------------
 1 file changed, 5 insertions(+), 16 deletions(-)

diff --git a/src/mnl.c b/src/mnl.c
index ca4f4b2acda9..6699b917c450 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -273,24 +273,16 @@ static int mnl_set_rcvbuffer(const struct mnl_socket *nl, socklen_t bufsiz)
 	return ret;
 }
 
-static size_t mnl_nft_batch_to_msg(struct netlink_ctx *ctx, struct msghdr *msg,
-				   const struct sockaddr_nl *snl,
-				   struct iovec *iov, unsigned int iov_len)
+static void mnl_nft_batch_to_msg(struct netlink_ctx *ctx, struct msghdr *msg,
+				 const struct sockaddr_nl *snl,
+				 struct iovec *iov, unsigned int iov_len)
 {
-	unsigned int i;
-	size_t len = 0;
-
 	msg->msg_name		= (struct sockaddr_nl *)snl;
 	msg->msg_namelen	= sizeof(*snl);
 	msg->msg_iov		= iov;
 	msg->msg_iovlen		= iov_len;
 
 	nftnl_batch_iovec(ctx->batch, iov, iov_len);
-
-	for (i = 0; i < iov_len; i++)
-		len += msg->msg_iov[i].iov_len;
-
-	return len;
 }
 
 static ssize_t mnl_nft_socket_sendmsg(struct netlink_ctx *ctx,
@@ -385,7 +377,6 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list,
 	struct iovec iov[iov_len];
 	struct msghdr msg = {};
 	unsigned int rcvbufsiz;
-	size_t batch_size;
 	fd_set readfds;
 	static mnl_cb_t cb_ctl_array[NLMSG_MIN_TYPE] = {
 	        [NLMSG_ERROR] = mnl_batch_extack_cb,
@@ -397,14 +388,12 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list,
 
 	mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch);
 
-	batch_size = mnl_nft_batch_to_msg(ctx, &msg, &snl, iov, iov_len);
+	mnl_nft_batch_to_msg(ctx, &msg, &snl, iov, iov_len);
 
+	rcvbufsiz = num_cmds * 1024;
 	if (nft_output_echo(&ctx->nft->output)) {
-		rcvbufsiz = num_cmds * 1024;
 		if (rcvbufsiz < NFT_MNL_ECHO_RCVBUFF_DEFAULT)
 			rcvbufsiz = NFT_MNL_ECHO_RCVBUFF_DEFAULT;
-	} else {
-		rcvbufsiz = num_cmds * div_round_up(batch_size, num_cmds) * 4;
 	}
 
 	mnl_set_rcvbuffer(ctx->nft->nf_sock, rcvbufsiz);
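Review bot: `rcvbufsiz = num_cmds * 1024;` now sizes the receive buffer on the non-echo path as well, and it has no overflow guard: `rcvbufsiz` is an `unsigned int`, so a very large batch wraps the product to a small value and the socket is asked for less than the estimate. Error notifications that do not fit are presumably dropped, in which case the caller cannot tell which command of a ruleset load was rejected; a clamp such as `rcvbufsiz = num_cmds > UINT_MAX / 1024 ? UINT_MAX : num_cmds * 1024;` avoids the wrap. The last line also discards the `int` result of mnl_set_rcvbuffer(), so a refused or capped resize goes unnoticed. mnl_batch_talk's body starts and ends outside this hunk.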
-- 
2.20.1



* [PATCH nft 2/2] libnftables: avoid repeated command list traversal on errors
  2020-09-14 10:09 [PATCH nft 1/2] mnl: larger receive socket buffer for netlink errors Pablo Neira Ayuso
@ 2020-09-14 10:09 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2020-09-14 10:09 UTC (permalink / raw)
  To: netfilter-devel

From: Jindrich Makovicka <makovick@gmail.com>

Because the command seqnums are monotonic, repeated traversals
of the cmds list from the beginning are not necessary as long as
the error seqnums are also monotonic.

Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
via netfilter's bugzilla.

 src/libnftables.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/libnftables.c b/src/libnftables.c
index fce52ad4003b..a180a9a30b3d 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -21,7 +21,7 @@ static int nft_netlink(struct nft_ctx *nft,
 		       struct list_head *cmds, struct list_head *msgs,
 		       struct mnl_socket *nf_sock)
 {
-	uint32_t batch_seqnum, seqnum = 0, num_cmds = 0;
+	uint32_t batch_seqnum, seqnum = 0, last_seqnum = UINT32_MAX, num_cmds = 0;
 	struct netlink_ctx ctx = {
 		.nft  = nft,
 		.msgs = msgs,
@@ -65,7 +65,14 @@ static int nft_netlink(struct nft_ctx *nft,
 		ret = -1;
 
 	list_for_each_entry_safe(err, tmp, &err_list, head) {
-		list_for_each_entry(cmd, cmds, list) {
+		/* cmd seqnums are monotonic: only reset the starting position
+		 * if the error seqnum is lower than the previous one.
+		 */
+		if (err->seqnum < last_seqnum)
+			cmd = list_first_entry(cmds, struct cmd, list);
+
+		list_for_each_entry_from(cmd, cmds, list) {
+			last_seqnum = cmd->seqnum;
 			if (err->seqnum == cmd->seqnum ||
 			    err->seqnum == batch_seqnum) {
 				nft_cmd_error(&ctx, cmd, err);
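Review bot: The rewind test `if (err->seqnum < last_seqnum)` uses UINT32_MAX both as the "no position yet" marker and as a possible real sequence number. An error whose seqnum is UINT32_MAX therefore skips the `list_first_entry()` assignment, and `list_for_each_entry_from()` starts from whatever `cmd` held before (after a not-found pass, the list head itself). Making the marker explicit closes that edge: `if (last_seqnum == UINT32_MAX || err->seqnum < last_seqnum)`. The comment could also say that the shortcut relies on errors arriving in non-decreasing seqnum order and that a 32-bit wrap inside one batch is not handled. The loop body continues past this hunk.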
@@ -76,6 +83,11 @@ static int nft_netlink(struct nft_ctx *nft,
 				}
 			}
 		}
+
+		if (&cmd->list == cmds) {
+			/* not found, rewind */
+			last_seqnum = UINT32_MAX;
+		}
 	}
 out:
 	mnl_batch_reset(ctx.batch);
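Review bot: The comment `/* not found, rewind */` does not say that `cmd` is no longer a valid `struct cmd` at this point, since `&cmd->list == cmds` only holds once the iterator has run onto the list head. I would expand it to something like `/* cmd ran off the end and points at the list head, not a command: forget the position so the next error restarts from the first command */`, so that later edits do not dereference `cmd` after the loop. The same comment should state that the current error is not retried after the rewind; the outer loop simply moves on to the next entry. nft_netlink continues outside this hunk.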
-- 
2.20.1

