Re: RFC: Designing per chain rule cache support in libnftnl

Hi, On Wed, Nov 28, 2018 at 02:51:54PM +0100, Pablo Neira Ayuso wrote: > On Wed, Nov 28, 2018 at 02:21:01PM +0100, Phil Sutter wrote: > > Hi Pablo, > > > > On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote: > > > On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote: >

Re: RFC: Designing per chain rule cache support in libnftnl

On Wed, Nov 28, 2018 at 02:21:01PM +0100, Phil Sutter wrote: > Hi Pablo, > > On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote: > > On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote: > > > Phil Sutter wrote: > > > > > If user doesn't want it cleared at

Re: RFC: Designing per chain rule cache support in libnftnl

Hi Pablo, On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote: > On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote: > > Phil Sutter wrote: > > > > If user doesn't want it cleared at nftnl_chain_free() time they can > > > > always allocate a new nftnl_rule_list and

Re: RFC: Designing per chain rule cache support in libnftnl

On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote: > On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote: > > Phil Sutter wrote: > > > > If user doesn't want it cleared at nftnl_chain_free() time they can > > > > always allocate a new nftnl_rule_list and splice to

Re: RFC: Designing per chain rule cache support in libnftnl

On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote: > Phil Sutter wrote: > > > If user doesn't want it cleared at nftnl_chain_free() time they can > > > always allocate a new nftnl_rule_list and splice to that list. > > > > Good point. What do you think about the simple approach of

Re: RFC: Designing per chain rule cache support in libnftnl

Phil Sutter wrote: > > If user doesn't want it cleared at nftnl_chain_free() time they can > > always allocate a new nftnl_rule_list and splice to that list. > > Good point. What do you think about the simple approach of introducing: > > | struct nftnl_rule_list *nftnl_chain_get_rule_list(const

Re: RFC: Designing per chain rule cache support in libnftnl

On Fri, Nov 23, 2018 at 07:49:49AM +0100, Florian Westphal wrote: > Phil Sutter wrote: > > In order to improve performance in 'nft -f' as well as xtables-restore > > with very large rulesets, we need to store rules by chain they belong > > to. In order to avoid pointless code duplication, this

Re: RFC: Designing per chain rule cache support in libnftnl

Phil Sutter wrote: > In order to improve performance in 'nft -f' as well as xtables-restore > with very large rulesets, we need to store rules by chain they belong > to. In order to avoid pointless code duplication, this should be > supported by libnftnl. Unfortunately we still need to change