netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [PATCH nft v5 00/14] cache consolidation
Date: Mon, 10 Aug 2015 13:50:34 +0200	[thread overview]
Message-ID: <1439207448-22485-1-git-send-email-pablo@netfilter.org> (raw)

Hi,

This is another round of the patchset to consolidate the nft cache:

http://marc.info/?l=netfilter-devel&m=143620630223923&w=2

The idea consists of creating a cache of tables that is populated with chains,
rules, sets and elements.

The major change in this round is the fact that the cache is built later on
from the evaluation step where we have more context on what is going on. At
that stage, we know if this is a listing, in that case nft populates a full
blown cache. Otherwise, it only retrieves the table and set objects which is
the bare minimum that we require at this stage (at least by now). With the
previous patchset, with inconditional full blown cache retrieval, I noticed a
slowdown when working with large rulesets, so this new round patchset round
addresses this.

In the interactive mode, this cache is refreshed for every command to make sure
that we work with a ruleset that is current. We can avoid this by checking for
the generation counter, but will be looking into how to speed up this with
follow up patches when this is in master.

Comments welcome. Thanks.

Pablo Neira Ayuso (14):
  src: add cache infrastructure and use it for table objects
  src: add cmd_evaluate_list()
  rule: add reference counter to the table object
  src: add table declaration to cache
  src: use cache infrastructure for set objects
  src: add set declaration to cache
  src: early allocation of the set ID
  rule: add chain reference counter
  src: use cache infrastructure for chain objects
  evaluate: add cmd_evaluate_rename()
  src: add chain declarations to cache
  src: use cache infrastructure for rule objects
  src: use cache infrastructure for set element objects
  src: get rid of EINTR handling for nft_netlink()

 include/rule.h |    9 ++
 src/cli.c      |    1 +
 src/evaluate.c |  146 +++++++++++++++++-------
 src/main.c     |    7 +-
 src/netlink.c  |    4 -
 src/rule.c     |  337 ++++++++++++++++++++++++++++++++------------------------
 6 files changed, 310 insertions(+), 194 deletions(-)

-- 
1.7.10.4


             reply	other threads:[~2015-08-10 11:44 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-08-10 11:50 Pablo Neira Ayuso [this message]
2015-08-10 11:50 ` [PATCH nft v5 01/14] src: add cache infrastructure and use it for table objects Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 02/14] src: add cmd_evaluate_list() Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 03/14] rule: add reference counter to the table object Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 04/14] src: add table declaration to cache Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 05/14] src: use cache infrastructure for set objects Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 06/14] src: add set declaration to cache Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 07/14] src: early allocation of the set ID Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 08/14] rule: add chain reference counter Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 09/14] src: use cache infrastructure for chain objects Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 10/14] evaluate: add cmd_evaluate_rename() Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 11/14] src: add chain declarations to cache Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 12/14] src: use cache infrastructure for rule objects Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 13/14] src: use cache infrastructure for set element objects Pablo Neira Ayuso
2015-08-10 11:50 ` [PATCH nft v5 14/14] src: get rid of EINTR handling for nft_netlink() Pablo Neira Ayuso

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1439207448-22485-1-git-send-email-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).