git.ipfire.org Git - thirdparty/nftables.git/commit

author	Elise Lennion <elise.lennion@gmail.com>
	Fri, 6 Jan 2017 21:43:32 +0000 (19:43 -0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 10 Jan 2017 21:31:12 +0000 (22:31 +0100)
commit	14ee0a979b622f95676eab77043b61cc5aab4270
tree	6d02d132ad9beef75d515430d0959d23aba5e8ca	tree
parent	e7f1876088cae4d64de3fc9e2c5419fce599d112	commit \| diff

src: sort set elements in netlink_get_setelems()

So users can better track their ruleset via git.

Without sorting, the elements can be listed in a different order
every time the set is created, generating unnecessary git changes.

Mergesort is used. Doesn't sort sets with 'flags interval' set on.

Pablo appends to this changelog description:

Currently these interval set elements are dumped in order. We'll likely
get new representations soon that may not guarantee this anymore, so
let's revisit this later in case we need it.

Without this patch, nft list ruleset with a set containing 40000
elements takes on my laptop:

real    0m2.742s
user    0m0.112s
sys     0m0.280s

With this patch:

real    0m2.846s
user    0m0.180s
sys     0m0.284s

Difference is small, so don't get nft more complicated with yet another
getopt() option, enable this by default.

Signed-off-by: Elise Lennion <elise.lennion@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/expression.h		diff \| blob \| blame \| history
src/Makefile.am		diff \| blob \| blame \| history
src/mergesort.c	[new file with mode: 0644]	blob
src/netlink.c		diff \| blob \| blame \| history