libiptc caching to speed up find_label().

Makefile distrib target for userspace.

diff --git a/Makefile b/Makefile
index 6090e4f8f87b030fcebfc8e8cc7f251e2b1ad1fd..e142db4696f54650cdbfedc3518ed4739f4a5101 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -4,14 +4,15 @@ TOPLEVEL_INCLUDED=YES
 ifndef KERNEL_DIR
 KERNEL_DIR=/usr/src/linux
 endif
-NETFILTER_VERSION:=1.0.0alpha
+NETFILTER_VERSION:=1.0.0beta
+OLD_NETFILTER_VERSION:=1.0.0alpha
 
 LIBDIR:=/usr/local/lib
 BINDIR:=/usr/local/bin
 MANDIR:=/usr/local/man
 
-COPT_FLAGS:=-O
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" -g
+COPT_FLAGS:=-O2
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g -pg
 
 DEPFILES := $(SHARED_LIBS:%.so=%.d)
 SH_CFLAGS:=$(CFLAGS) -fPIC
@@ -59,6 +60,33 @@ EXTRA_DEPENDS+=iptables-standalone.d iptables.d
 iptables-standalone.d iptables.d: %.d: %.c
        @-$(CC) -M -MG $(CFLAGS) $< | sed -e 's@^.*\.o:@$*.d $*.o:@' > $@
 
+
+# Rusty's distro magic.
+distrib: check nowhitespace distclean delrelease /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2 diff md5sums
+
+# Makefile must not define:
+# -g -pg
+check:
+       @if echo $(CFLAGS) | egrep 'DEBUG|-g|-pg' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi
+
+nowhitespace:
+       @if grep -n '   $$' `find . -name 'Makefile' -o -name '*.[ch]'`; then exit 1; else exit 0; fi
+
+delrelease:
+       rm -f /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2
+
+/home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2:
+       cd .. && ln -sf userspace iptables-$(NETFILTER_VERSION) && tar cvf - --exclude CVS --exclude iptables-$(NETFILTER_VERSION)/. | bzip2 -9 > $@ && rm iptables-$(NETFILTER_VERSION)
+
+diff: /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2
+       @mkdir /tmp/diffdir
+       @cd /tmp/diffdir && tar xfI /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2
+       @set -e; cd /tmp/diffdir; tar xfI /home/public/netfilter/iptables-$(OLD_NETFILTER_VERSION).tar.bz2; echo Creating patch-iptables-$(OLD_NETFILTER_VERSION)-$(NETFILTER_VERSION).bz2; diff -urN iptables-$(OLD_NETFILTER_VERSION) iptables-$(NETFILTER_VERSION) | bzip2 -9 > /home/public/netfilter/patch-iptables-$(OLD_NETFILTER_VERSION)-$(NETFILTER_VERSION).bz2
+       @rm -rf /tmp/diffdir
+
+md5sums:
+       cd /home/public/netfilter/ && md5sum patch-iptables-*-$(NETFILTER_VERSION).bz2 iptables-$(NETFILTER_VERSION).tar.bz2
+
 # $(wildcard) fails wierdly with make v.3.78.1.
 include $(shell echo */Makefile)
 include Rules.make

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 3d7e365782dccfdd64ceb5ecea33ffbb2d6d21d5..bc235fb4b7553de629232c70d3b044395f6772cf 100644 (file)
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -69,11 +69,24 @@ struct iptc_handle
        /* Array of hook names */
        const char **hooknames;
 
+       /* This was taking us ~50 seconds to list 300 rules. */
+       /* Cached: last find_label result */
+       char cache_label_name[IPT_TABLE_MAXNAMELEN];
+       int cache_label_return;
+       unsigned int cache_label_offset;
+
        /* Number in here reflects current state. */
        unsigned int new_number;
        struct ipt_get_entries entries;
 };
 
+static void
+set_changed(iptc_handle_t h)
+{
+       h->cache_label_name[0] = '\0';
+       h->changed = 1;
+}
+
 static void do_check(iptc_handle_t h, unsigned int line);
 #define CHECK(h) do_check((h), __LINE__)
 
@@ -178,6 +191,7 @@ alloc_handle(const char *tablename, unsigned int size, unsigned int num_rules)
        }
 
        h->changed = 0;
+       h->cache_label_name[0] = '\0';
        h->counter_map = (void *)h
                + sizeof(struct iptc_handle)
                + size;
@@ -376,6 +390,13 @@ find_label(unsigned int *off,
 {
        unsigned int i;
 
+       /* Cached? */
+       if (handle->cache_label_name[0]
+           && strcmp(name, handle->cache_label_name) == 0) {
+               *off = handle->cache_label_offset;
+               return handle->cache_label_return;
+       }
+
        /* Builtin chain name? */
        i = iptc_builtin(name, handle);
        if (i != 0) {
@@ -388,10 +409,16 @@ find_label(unsigned int *off,
        if (IPT_ENTRY_ITERATE(handle->entries.entries, handle->entries.size,
                              find_user_label, off, name) != 0) {
                /* last error node doesn't count */
-               if (*off != handle->entries.size)
+               if (*off != handle->entries.size) {
+                       strcpy(handle->cache_label_name, name);
+                       handle->cache_label_offset = *off;
+                       handle->cache_label_return = 1;
                        return 1;
+               }
        }
 
+       strcpy(handle->cache_label_name, name);
+       handle->cache_label_return = 0;
        return 0;
 }
 
@@ -651,7 +678,7 @@ set_verdict(unsigned int offset, int delta_offset, iptc_handle_t *handle)
                          correct_verdict, (*handle)->entries.entries,
                          offset, delta_offset);
 
-       (*handle)->changed = 1;
+       set_changed(*handle);
        return 1;
 }
 
@@ -1194,7 +1221,7 @@ iptc_zero_entries(const ipt_chainlabel chain, iptc_handle_t *handle)
                if ((*handle)->counter_map[i].maptype ==COUNTER_MAP_NORMAL_MAP)
                        (*handle)->counter_map[i].maptype = COUNTER_MAP_ZEROED;
        }
-       (*handle)->changed = 1;
+       set_changed(*handle);
 
        CHECK(*handle);
        return 1;
@@ -1382,7 +1409,7 @@ int iptc_rename_chain(const ipt_chainlabel oldname,
 
        memset(t->error, 0, sizeof(t->error));
        strcpy(t->error, newname);
-       (*handle)->changed = 1;
+       set_changed(*handle);
 
        CHECK(*handle);
        return 1;
@@ -1428,7 +1455,7 @@ iptc_set_policy(const ipt_chainlabel chain,
        }
        (*handle)->counter_map[entry2index(*handle, e)]
                = ((struct counter_map){ COUNTER_MAP_NOMAP, 0 });
-       (*handle)->changed = 1;
+       set_changed(*handle);
 
        CHECK(*handle);
        return 1;