diff options
| author |   Florian Westphal <fw@strlen.de> | 2019-01-08 15:45:59 +0100 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2019-01-18 15:02:33 +0100 |
| commit | 4d44175aa5bb5f68772b1eb0306554812294ca52 (patch) | |
| tree | fc4e7b368bdbfc6c51435d0e49d0a67e8b431c1a /net/netfilter/nft_objref.c | |
| parent | netfilter: nf_tables: prepare nft_object for lookups via hashtable (diff) | |
| download | linux-dev-4d44175aa5bb5f68772b1eb0306554812294ca52.tar.xz linux-dev-4d44175aa5bb5f68772b1eb0306554812294ca52.zip | |
netfilter: nf_tables: handle nft_object lookups via rhltable
Instead of linear search, use rhlist interface to look up the objects.
This fixes rulesets with thousands of named objects (quota, counters and
the like).
We only use a single table for this and consider the address of the
table we're doing the lookup in as a part of the key.
This reduces restore time of a sample ruleset with ~20k named counters
from 37 seconds to 0.8 seconds.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_objref.c')
| -rw-r--r-- | net/netfilter/nft_objref.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c index 58eb75ad61bf..c1f2adf198a0 100644 --- a/net/netfilter/nft_objref.c +++ b/net/netfilter/nft_objref.c @@ -38,7 +38,8 @@ static int nft_objref_init(const struct nft_ctx *ctx, return -EINVAL; objtype = ntohl(nla_get_be32(tb[NFTA_OBJREF_IMM_TYPE])); - obj = nft_obj_lookup(ctx->table, tb[NFTA_OBJREF_IMM_NAME], objtype, + obj = nft_obj_lookup(ctx->net, ctx->table, + tb[NFTA_OBJREF_IMM_NAME], objtype, genmask); if (IS_ERR(obj)) return -ENOENT; |