Hi,
On Wed, Nov 28, 2018 at 02:51:54PM +0100, Pablo Neira Ayuso wrote:
> On Wed, Nov 28, 2018 at 02:21:01PM +0100, Phil Sutter wrote:
> > Hi Pablo,
> >
> > On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote:
> > > On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote:
>
On Wed, Nov 28, 2018 at 02:21:01PM +0100, Phil Sutter wrote:
> Hi Pablo,
>
> On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote:
> > On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote:
> > > Phil Sutter wrote:
> > > > > If user doesn't want it cleared at
Hi Pablo,
On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote:
> > Phil Sutter wrote:
> > > > If user doesn't want it cleared at nftnl_chain_free() time they can
> > > > always allocate a new nftnl_rule_list and
On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote:
> On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote:
> > Phil Sutter wrote:
> > > > If user doesn't want it cleared at nftnl_chain_free() time they can
> > > > always allocate a new nftnl_rule_list and splice to
On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote:
> Phil Sutter wrote:
> > > If user doesn't want it cleared at nftnl_chain_free() time they can
> > > always allocate a new nftnl_rule_list and splice to that list.
> >
> > Good point. What do you think about the simple approach of
Phil Sutter wrote:
> > If user doesn't want it cleared at nftnl_chain_free() time they can
> > always allocate a new nftnl_rule_list and splice to that list.
>
> Good point. What do you think about the simple approach of introducing:
>
> | struct nftnl_rule_list *nftnl_chain_get_rule_list(const
On Fri, Nov 23, 2018 at 07:49:49AM +0100, Florian Westphal wrote:
> Phil Sutter wrote:
> > In order to improve performance in 'nft -f' as well as xtables-restore
> > with very large rulesets, we need to store rules by chain they belong
> > to. In order to avoid pointless code duplication, this
Phil Sutter wrote:
> In order to improve performance in 'nft -f' as well as xtables-restore
> with very large rulesets, we need to store rules by chain they belong
> to. In order to avoid pointless code duplication, this should be
> supported by libnftnl.
Unfortunately we still need to change
Hi,
In order to improve performance in 'nft -f' as well as xtables-restore
with very large rulesets, we need to store rules by chain they belong
to. In order to avoid pointless code duplication, this should be
supported by libnftnl.
Looking into the topic, it seems like extending struct