mnl: Increase BATCH_PAGE_SIZE to support huge rulesets

author Phil Sutter <phil@nwl.cc>

Wed, 14 Apr 2021 11:47:47 +0000 (13:47 +0200)

committer Phil Sutter <phil@nwl.cc>

Wed, 21 Apr 2021 10:40:54 +0000 (12:40 +0200)
author Phil Sutter <phil@nwl.cc>
Wed, 14 Apr 2021 11:47:47 +0000 (13:47 +0200)
committer Phil Sutter <phil@nwl.cc>
Wed, 21 Apr 2021 10:40:54 +0000 (12:40 +0200)
diff --git a/src/mnl.c b/src/mnl.c

index deea586f9b002cce1a20f8d915a92f891b29f0a6..d5ea87d8d6092e21273f54fc78a171e0dbccde6d 100644 (file)
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -160,11 +160,11 @@ static int check_genid(const struct nlmsghdr *nlh)
   * Batching
   */
  
-/* selected batch page is 256 Kbytes long to load ruleset of
- * half a million rules without hitting -EMSGSIZE due to large
- * iovec.
+/* Selected batch page is 2 Mbytes long to support loading a ruleset of 3.5M
+ * rules matching on source and destination address as well as input and output
+ * interfaces. This is what legacy iptables supports.
   */
-#define BATCH_PAGE_SIZE getpagesize() * 32
+#define BATCH_PAGE_SIZE 2 * 1024 * 1024
  
  struct nftnl_batch *mnl_batch_init(void)
  {
author	Phil Sutter <phil@nwl.cc>
	Wed, 14 Apr 2021 11:47:47 +0000 (13:47 +0200)
committer	Phil Sutter <phil@nwl.cc>
	Wed, 21 Apr 2021 10:40:54 +0000 (12:40 +0200)