From: Phil Sutter Date: Wed, 14 Apr 2021 11:47:47 +0000 (+0200) Subject: mnl: Increase BATCH_PAGE_SIZE to support huge rulesets X-Git-Tag: v0.9.9~49 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=5f6f20913c862f6a844a8f7143ed074284423897;p=thirdparty%2Fnftables.git mnl: Increase BATCH_PAGE_SIZE to support huge rulesets Apply the same change from iptables-nft to nftables to keep them in sync with regards to max supported transaction sizes. Signed-off-by: Phil Sutter --- diff --git a/src/mnl.c b/src/mnl.c index deea586f..d5ea87d8 100644 --- a/src/mnl.c +++ b/src/mnl.c @@ -160,11 +160,11 @@ static int check_genid(const struct nlmsghdr *nlh) * Batching */ -/* selected batch page is 256 Kbytes long to load ruleset of - * half a million rules without hitting -EMSGSIZE due to large - * iovec. +/* Selected batch page is 2 Mbytes long to support loading a ruleset of 3.5M + * rules matching on source and destination address as well as input and output + * interfaces. This is what legacy iptables supports. */ -#define BATCH_PAGE_SIZE getpagesize() * 32 +#define BATCH_PAGE_SIZE 2 * 1024 * 1024 struct nftnl_batch *mnl_batch_init(void) {
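Review bot: the new `#define BATCH_PAGE_SIZE 2 * 1024 * 1024` at the end of the hunk leaves the expression unparenthesized, so a use inside a larger expression such as `len / BATCH_PAGE_SIZE` or `len % BATCH_PAGE_SIZE` would apply the operator to the leading `2` only and silently compute the wrong size. Suggest `#define BATCH_PAGE_SIZE (2 * 1024 * 1024)`. The removed `getpagesize() * 32` had the same shape, so this hunk is a natural place to fix it. Separately, the commit message says the change mirrors iptables-nft but does not name the commit it copies; referencing it would let a reader confirm that the two limits, and the 3.5M-rule figure in the new comment, really are in sync.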