]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 61dc3b1)
tests: shell: Improve performance of 0021prio_0
authorPhil Sutter <phil@nwl.cc>
Tue, 25 Sep 2018 12:24:16 +0000 (14:24 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 26 Sep 2018 08:32:28 +0000 (10:32 +0200)
This test called nft binary 391 times and took about 38s to complete on
my testing VM. Improve this by writing all commands into a temporary
file for processing in a single nft call. Reduces run-time to about 4s.

Interestingly, piping the sub-process's output directly into 'nft -f -'
leads to spurious errors (parser complaining about perfectly fine
syntax). It seems like handling large input this way is not possible.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
tests/shell/testcases/chains/0021prio_0 patch | blob | blame | history

diff --git a/tests/shell/testcases/chains/0021prio_0 b/tests/shell/testcases/chains/0021prio_0
index b54b6fae32c6316cfff9e52b92809d9bb8ff7d92..e761297492baf542b070f4f95d6e6dda4c38cfba 100755 (executable)
--- a/tests/shell/testcases/chains/0021prio_0
+++ b/tests/shell/testcases/chains/0021prio_0
@@ -32,14 +32,22 @@ gen_chains () {
        for i in -11 -10 0 10 11
        do
                local offset=`format_offset $i`
-               local chainname=`chainname $hook $prioname $offset`
-               $NFT add chain $family x $chainname "{ type filter hook $hook $device priority $prioname $offset; }"
+               local cmd="add chain $family x"
+               cmd+=" `chainname $hook $prioname $offset` {"
+               cmd+=" type filter hook $hook $device"
+               cmd+=" priority $prioname $offset; }"
+               echo "$cmd"
        done
 }
 
+tmpfile=$(mktemp)
+trap "rm $tmpfile" EXIT
+
+(
+
 for family in ip ip6 inet
 do
-       $NFT add table $family x
+       echo "add table $family x"
        for hook in prerouting input forward output postrouting
        do
                for prioname in raw mangle filter security
@@ -47,24 +55,23 @@ do
                        gen_chains $family $hook $prioname
                done
        done
-
        gen_chains $family prerouting dstnat
        gen_chains $family postrouting srcnat
 done
 
 family=arp
-$NFT add table $family x
+echo "add table $family x"
 for hook in input output
 do
        gen_chains $family $hook filter
 done
 
 family=netdev
-$NFT add table $family x
+echo "add table $family x"
 gen_chains $family ingress filter lo
 
 family=bridge
-$NFT add table $family x
+echo "add table $family x"
 for hook in prerouting input forward output postrouting
 do
        gen_chains $family $hook filter
@@ -72,3 +79,6 @@ done
 gen_chains $family prerouting dstnat
 gen_chains $family output out
 gen_chains $family postrouting srcnat
+
+) >$tmpfile
+$NFT -f $tmpfile
Mirror of git://git.netfilter.org/nftables