[Bug 1439] Atomically updating/reloading a large set with nft -f is excessively slow

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Thu Jul 30 04:48:26 CEST 2020


https://bugzilla.netfilter.org/show_bug.cgi?id=1439

--- Comment #8 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Testing with nftables at 7c9bef0c

# nft add table inet filter
# nft add set inet filter ipv6_bogons { type ipv6_addr\; flags interval\; }

# nft list ruleset
table inet filter {
        set ipv6_bogons {
                type ipv6_addr
                flags interval
        }
}

... download your bogons tarball, decompress

# nft -f ipv6_bogons.nft
... few seconds
# nft -f ipv6_bogons.nft
... few seconds
# nft list ruleset | wc -l
113210

Are you sure you are running a fresh nft binary?

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200730/e420c45e/attachment.html>


More information about the netfilter-buglog mailing list