Add a hashtable for fast table lookups.
Tables that reside in the cache use the table->cache_hlist and
table->cache_list heads.
Table that are created from command line / ruleset are also added
to the cache.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
NFT_CACHE_FLUSHED = (1 << 31),
};
-struct nft_cache {
- uint32_t genid;
- struct list_head list;
- uint32_t seqnum;
- uint32_t flags;
-};
-
+struct nft_cache;
enum cmd_ops;
unsigned int nft_cache_evaluate(struct nft_ctx *nft, struct list_head *cmds);
void cache_add(struct cache_item *item, struct cache *cache, uint32_t hash);
void cache_del(struct cache_item *item);
+void table_cache_add(struct table *table, struct nft_cache *cache);
+void table_cache_del(struct table *table);
+struct table *table_cache_find(const struct cache *cache, const char *name,
+ uint32_t family);
+
void obj_cache_add(struct obj *obj, struct table *table);
void obj_cache_del(struct obj *obj);
struct obj *obj_cache_find(const struct table *table, const char *name,
void ft_cache_add(struct flowtable *ft, struct table *table);
struct flowtable *ft_cache_find(const struct table *table, const char *name);
+struct nft_cache {
+ uint32_t genid;
+ struct cache table_cache;
+ uint32_t seqnum;
+ uint32_t flags;
+};
+
#endif /* _NFT_CACHE_H_ */
*/
struct table {
struct list_head list;
+ struct cache_item cache;
struct handle handle;
struct location location;
struct scope scope;
extern struct table *table_alloc(void);
extern struct table *table_get(struct table *table);
extern void table_free(struct table *table);
-extern void table_add_hash(struct table *table, struct nft_cache *cache);
-extern struct table *table_lookup(const struct handle *h,
- const struct nft_cache *cache);
extern struct table *table_lookup_fuzzy(const struct handle *h,
const struct nft_cache *cache);
return flags;
}
+void table_cache_add(struct table *table, struct nft_cache *cache)
+{
+ uint32_t hash;
+
+ hash = djb_hash(table->handle.table.name) % NFT_CACHE_HSIZE;
+ cache_add(&table->cache, &cache->table_cache, hash);
+}
+
+void table_cache_del(struct table *table)
+{
+ cache_del(&table->cache);
+}
+
+struct table *table_cache_find(const struct cache *cache,
+ const char *name, uint32_t family)
+{
+ struct table *table;
+ uint32_t hash;
+
+ if (!name)
+ return NULL;
+
+ hash = djb_hash(name) % NFT_CACHE_HSIZE;
+ list_for_each_entry(table, &cache->ht[hash], cache.hlist) {
+ if (table->handle.family == family &&
+ !strcmp(table->handle.table.name, name))
+ return table;
+ }
+
+ return NULL;
+}
+
struct chain_cache_dump_ctx {
struct netlink_ctx *nlctx;
struct table *table;
static int cache_init_tables(struct netlink_ctx *ctx, struct handle *h,
struct nft_cache *cache)
{
+ struct table *table, *next;
int ret;
ret = netlink_list_tables(ctx, h);
if (ret < 0)
return -1;
- list_splice_tail_init(&ctx->list, &cache->list);
+ list_for_each_entry_safe(table, next, &ctx->list, list) {
+ list_del(&table->list);
+ table_cache_add(table, cache);
+ }
return 0;
}
return -1;
}
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (flags & NFT_CACHE_SET_BIT) {
set_list = set_cache_dump(ctx, table, &ret);
if (!set_list) {
return 0;
}
-static void nft_cache_flush(struct list_head *table_list)
+static void nft_cache_flush(struct cache *table_cache)
{
struct table *table, *next;
- list_for_each_entry_safe(table, next, table_list, list) {
- list_del(&table->list);
+ list_for_each_entry_safe(table, next, &table_cache->list, cache.list) {
+ table_cache_del(table);
table_free(table);
}
}
void nft_cache_release(struct nft_cache *cache)
{
- nft_cache_flush(&cache->list);
+ nft_cache_flush(&cache->table_cache);
cache->genid = 0;
cache->flags = NFT_CACHE_EMPTY;
}
return 0;
}
-static struct table *table_lookup_global(struct eval_ctx *ctx)
-{
- struct table *table;
-
- if (ctx->table != NULL)
- return ctx->table;
-
- table = table_lookup(&ctx->cmd->handle, &ctx->nft->cache);
- if (table == NULL)
- return NULL;
-
- return table;
-}
-
static int table_not_found(struct eval_ctx *ctx)
{
struct table *table;
}
break;
case SYMBOL_SET:
- table = table_lookup_global(ctx);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ ctx->cmd->handle.table.name,
+ ctx->cmd->handle.family);
if (table == NULL)
return table_not_found(ctx);
struct table *table;
struct set *set;
- table = table_lookup_global(ctx);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ ctx->cmd->handle.table.name,
+ ctx->cmd->handle.family);
if (table == NULL)
return table_not_found(ctx);
struct stmt *stmt;
const char *type;
- table = table_lookup_global(ctx);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ ctx->cmd->handle.table.name,
+ ctx->cmd->handle.family);
if (table == NULL)
return table_not_found(ctx);
{
struct table *table;
- table = table_lookup_global(ctx);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ ctx->cmd->handle.table.name,
+ ctx->cmd->handle.family);
if (table == NULL)
return table_not_found(ctx);
struct table *table;
struct chain *chain;
- table = table_lookup(&rule->handle, &ctx->nft->cache);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ rule->handle.table.name,
+ rule->handle.family);
if (!table)
return table_not_found(ctx);
struct table *table;
struct rule *rule;
- table = table_lookup_global(ctx);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ ctx->cmd->handle.table.name,
+ ctx->cmd->handle.family);
if (table == NULL)
return table_not_found(ctx);
{
struct table *table;
- table = table_lookup_global(ctx);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ ctx->cmd->handle.table.name,
+ ctx->cmd->handle.family);
if (!table)
return table_not_found(ctx);
struct set *set;
struct obj *obj;
- if (table_lookup(&ctx->cmd->handle, &ctx->nft->cache) == NULL) {
- if (table == NULL) {
+ if (!table_cache_find(&ctx->nft->cache.table_cache,
+ ctx->cmd->handle.table.name,
+ ctx->cmd->handle.family)) {
+ if (!table) {
table = table_alloc();
handle_merge(&table->handle, &ctx->cmd->handle);
- table_add_hash(table, &ctx->nft->cache);
+ table_cache_add(table, &ctx->nft->cache);
} else {
- table_add_hash(table_get(table), &ctx->nft->cache);
+ table_cache_add(table_get(table), &ctx->nft->cache);
}
}
if (!cmd->handle.table.name)
return;
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
if (!table)
return;
- list_del(&table->list);
+ table_cache_del(table);
table_free(table);
}
if (obj_type == NFT_OBJECT_UNSPEC)
obj_type = NFT_OBJECT_COUNTER;
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
if (table == NULL)
return table_not_found(ctx);
if (cmd->handle.table.name == NULL)
return 0;
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
return 0;
case CMD_OBJ_SET:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
set = set_cache_find(table, cmd->handle.set.name);
return 0;
case CMD_OBJ_METER:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
set = set_cache_find(table, cmd->handle.set.name);
return 0;
case CMD_OBJ_MAP:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
set = set_cache_find(table, cmd->handle.set.name);
return 0;
case CMD_OBJ_CHAIN:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
if (!chain_cache_find(table, cmd->handle.chain.name))
return 0;
case CMD_OBJ_FLOWTABLE:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
ft = ft_cache_find(table, cmd->handle.flowtable.name);
case CMD_OBJ_SYNPROXYS:
if (cmd->handle.table.name == NULL)
return 0;
- if (table_lookup(&cmd->handle, &ctx->nft->cache) == NULL)
+ if (!table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family))
return table_not_found(ctx);
return 0;
case CMD_OBJ_QUOTAS:
if (cmd->handle.table.name == NULL)
return 0;
- if (table_lookup(&cmd->handle, &ctx->nft->cache) == NULL)
+ if (!table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family))
return table_not_found(ctx);
return 0;
static int cmd_evaluate_flush(struct eval_ctx *ctx, struct cmd *cmd)
{
+ struct cache *table_cache = &ctx->nft->cache.table_cache;
struct table *table;
struct set *set;
/* Chains don't hold sets */
break;
case CMD_OBJ_SET:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(table_cache, cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
set = set_cache_find(table, cmd->handle.set.name);
return 0;
case CMD_OBJ_MAP:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(table_cache, cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
set = set_cache_find(table, cmd->handle.set.name);
return 0;
case CMD_OBJ_METER:
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(table_cache, cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
set = set_cache_find(table, cmd->handle.set.name);
switch (cmd->obj) {
case CMD_OBJ_CHAIN:
- table = table_lookup(&ctx->cmd->handle, &ctx->nft->cache);
- if (table == NULL)
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
+ if (!table)
return table_not_found(ctx);
if (!chain_cache_find(table, ctx->cmd->handle.chain.name))
json_t *root = json_array(), *tmp;
struct table *table;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (family != NFPROTO_UNSPEC &&
table->handle.family != family)
continue;
json_t *root = json_array();
struct table *table;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (family != NFPROTO_UNSPEC &&
table->handle.family != family)
continue;
struct table *table;
struct chain *chain;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
struct table *table;
struct set *set;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
struct table *table;
struct obj *obj;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
struct flowtable *flowtable;
struct table *table;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
json_t *root;
if (cmd->handle.table.name)
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
switch (cmd->obj) {
case CMD_OBJ_TABLE:
static void nft_exit(struct nft_ctx *ctx)
{
+ cache_free(&ctx->cache.table_cache);
expr_handler_exit();
ct_label_table_exit(ctx);
realm_table_rt_exit(ctx);
ctx->state = xzalloc(sizeof(struct parser_state));
nft_ctx_add_include_path(ctx, DEFAULT_INCLUDE_PATH);
ctx->parser_max_errors = 10;
- init_list_head(&ctx->cache.list);
+ cache_init(&ctx->cache.table_cache);
ctx->top_scope = scope_alloc();
ctx->flags = flags;
ctx->output.output_fp = stdout;
t = netlink_delinearize_table(monh->ctx, nlt);
nftnl_table_free(nlt);
- table_add_hash(t, &monh->ctx->nft->cache);
+ table_cache_add(t, &monh->ctx->nft->cache);
}
static void netlink_events_cache_deltable(struct netlink_mon_handler *monh,
h.family = nftnl_table_get_u32(nlt, NFTNL_TABLE_FAMILY);
h.table.name = nftnl_table_get_str(nlt, NFTNL_TABLE_NAME);
- t = table_lookup(&h, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ h.table.name, h.family);
if (t == NULL)
goto out;
- list_del(&t->list);
+ table_cache_del(t);
table_free(t);
out:
nftnl_table_free(nlt);
goto out;
s->init = set_expr_alloc(monh->loc, s);
- t = table_lookup(&s->handle, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ s->handle.table.name, s->handle.family);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache set: table not found.\n");
set_free(s);
if (obj == NULL)
goto out;
- t = table_lookup(&obj->handle, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ obj->handle.table.name, obj->handle.family);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache object: table not found.\n");
obj_free(obj);
type = nftnl_obj_get_u32(nlo, NFTNL_OBJ_TYPE);
h.handle.id = nftnl_obj_get_u64(nlo, NFTNL_OBJ_HANDLE);
- t = table_lookup(&h, &monh->ctx->nft->cache);
+ t = table_cache_find(&monh->ctx->nft->cache.table_cache,
+ h.table.name, h.family);
if (t == NULL) {
fprintf(stderr, "W: Unable to cache object: table not found.\n");
goto out;
if (!h.table.name)
return NULL;
- table = table_lookup(&h, cache);
+ table = table_cache_find(&cache->table_cache, h.table.name, h.family);
if (!table)
return NULL;
handle_merge(&h, &set->handle);
pctx->rule = rule_alloc(&netlink_location, &h);
- pctx->table = table_lookup(&set->handle, cache);
+ pctx->table = table_cache_find(&cache->table_cache,
+ set->handle.table.name,
+ set->handle.family);
assert(pctx->table != NULL);
if (netlink_parse_expr(nle, pctx) < 0)
h.position.id = nftnl_rule_get_u64(nlr, NFTNL_RULE_POSITION);
pctx->rule = rule_alloc(&netlink_location, &h);
- pctx->table = table_lookup(&h, &ctx->nft->cache);
+ pctx->table = table_cache_find(&ctx->nft->cache.table_cache,
+ h.table.name, h.family);
assert(pctx->table != NULL);
pctx->rule->comment = nftnl_rule_get_comment(nlr);
string_misspell_init(&st);
- list_for_each_entry(table, &cache->list, list) {
+ list_for_each_entry(table, &cache->table_cache.list, cache.list) {
list_for_each_entry(set, &table->set_cache.list, cache.list) {
if (set_is_anonymous(set->flags))
continue;
struct set *set_lookup_global(uint32_t family, const char *table,
const char *name, struct nft_cache *cache)
{
- struct handle h;
struct table *t;
- h.family = family;
- h.table.name = table;
-
- t = table_lookup(&h, cache);
+ t = table_cache_find(&cache->table_cache, table, family);
if (t == NULL)
return NULL;
string_misspell_init(&st);
- list_for_each_entry(table, &cache->list, list) {
+ list_for_each_entry(table, &cache->table_cache.list, cache.list) {
list_for_each_entry(chain, &table->chain_cache.list, cache.list) {
if (!strcmp(chain->handle.chain.name, h->chain.name)) {
*t = table;
return table;
}
-void table_add_hash(struct table *table, struct nft_cache *cache)
-{
- list_add_tail(&table->list, &cache->list);
-}
-
-struct table *table_lookup(const struct handle *h,
- const struct nft_cache *cache)
-{
- struct table *table;
-
- list_for_each_entry(table, &cache->list, list) {
- if (table->handle.family == h->family &&
- !strcmp(table->handle.table.name, h->table.name))
- return table;
- }
- return NULL;
-}
-
struct table *table_lookup_fuzzy(const struct handle *h,
const struct nft_cache *cache)
{
string_misspell_init(&st);
- list_for_each_entry(table, &cache->list, list) {
+ list_for_each_entry(table, &cache->table_cache.list, cache.list) {
if (!strcmp(table->handle.table.name, h->table.name))
return table;
struct table *table;
struct set *set;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
string_misspell_init(&st);
- list_for_each_entry(table, &cache->list, list) {
+ list_for_each_entry(table, &cache->table_cache.list, cache.list) {
list_for_each_entry(obj, &table->obj_cache.list, cache.list) {
if (!strcmp(obj->handle.obj.name, obj_name)) {
*t = table;
struct table *table;
struct obj *obj;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
string_misspell_init(&st);
- list_for_each_entry(table, &cache->list, list) {
+ list_for_each_entry(table, &cache->table_cache.list, cache.list) {
list_for_each_entry(ft, &table->ft_cache.list, cache.list) {
if (!strcmp(ft->handle.flowtable.name, ft_name)) {
*t = table;
struct flowtable *flowtable;
struct table *table;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
unsigned int family = cmd->handle.family;
struct table *table;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (family != NFPROTO_UNSPEC &&
table->handle.family != family)
continue;
{
struct table *table;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
struct table *table;
struct chain *chain;
- list_for_each_entry(table, &ctx->nft->cache.list, list) {
+ list_for_each_entry(table, &ctx->nft->cache.table_cache.list, cache.list) {
if (cmd->handle.family != NFPROTO_UNSPEC &&
cmd->handle.family != table->handle.family)
continue;
return do_command_list_json(ctx, cmd);
if (cmd->handle.table.name != NULL)
- table = table_lookup(&cmd->handle, &ctx->nft->cache);
-
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
switch (cmd->obj) {
case CMD_OBJ_TABLE:
if (!cmd->handle.table.name)
ret = netlink_reset_objs(ctx, cmd, type, dump);
list_for_each_entry_safe(obj, next, &ctx->list, list) {
- table = table_lookup(&obj->handle, &ctx->nft->cache);
+ table = table_cache_find(&ctx->nft->cache.table_cache,
+ obj->handle.table.name,
+ obj->handle.family);
if (!obj_cache_find(table, obj->handle.obj.name, obj->type)) {
list_del(&obj->list);
obj_cache_add(obj, table);
static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
{
- struct table *table = table_lookup(&cmd->handle, &ctx->nft->cache);
+ struct table *table = table_cache_find(&ctx->nft->cache.table_cache,
+ cmd->handle.table.name,
+ cmd->handle.family);
const struct chain *chain;
switch (cmd->obj) {
projects / thirdparty / nftables.git / commitdiff
