[Bug 1735] Adding nftables interval sets progressively gets slower and makes the nft CLI less responsive with each added set

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Jan 31 02:00:11 CET 2024


https://bugzilla.netfilter.org/show_bug.cgi?id=1735

--- Comment #2 from anton.khazan at gmail.com ---
Update: the author of BanIP (an OpenWRT application doing similar tasks with
interval sets) shared their method of populating sets and listing the contents
of a table, which avoids the bug. Attaching their version of the test script
for comparison. Looking at the differences, I'm starting to suspect that some
commands cause nftables to re-process all accumulated sets (which causes spikes
in memory use and reduced responsiveness), and some don't. 'nft list tables'
does, while 'nft list ruleset' doesn't. The BanIP method of populating the sets
doesn't, while my method does. I still really don't completely understand why,
but this looks like a bug to me.
