[PATCH] libiptc.c blob parser

Paul C. Diem PCDiem at FoxValley.net
Sat Jun 24 06:52:29 CEST 2006


We have about 30,000 mangle table rules in about 8,000 chains. iptc_init
takes about 10 seconds just to load and parse the table. The problem is the
second parse phase that iterates through every chain and every rule
searching for the offset of the target for every jump rule.

I've applied the following small patch that loads the offset of the chain
entry into the comefrom field of the first rule ipt entry in each
user-defined chain in the first pass. This comefrom field is then used in
the second pass to easily locate the target chain. This minor change has
reduced the load time of our mangle table to 1 second.

Paul C. Diem
PCDiem at FoxValley.net

309a310,314
> /*+PCD
> * Modification to use the offset to the chain entry in the ipt
> * entry comefrom field as loaded by iptcc_find_chain_by_offset.
> */
> #if 0
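Review bot: The "#if 0" opened at the end of this hunk leaves the original search in the file as dead code. If the comefrom lookup is meant to replace it, delete the old body rather than compiling it out. The comment also says the offset is "loaded by iptcc_find_chain_by_offset", while the description says it is loaded during the first pass, so the comment should name the place that actually writes the field. The /*+PCD and /*-PCD markers are personal annotations that belong in the commit message, not in the source.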
319a325,329
> #else
> 	STRUCT_ENTRY * e = ((STRUCT_ENTRY *)((char *)handle->entries->entrytable
+ offset));
> 	return (struct chain_head *)((char *)e + e->comefrom);
> #endif
> /*-PCD*/
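Review bot: The return in the #else branch trusts e->comefrom for whatever offset the caller passes; there is no check that offset lies inside the entry table or that it lands on the first entry of a user-defined chain, which per the description is the only entry whose comefrom is written. For any other entry the function returns a pointer computed from an unrelated comefrom value. Validate offset and fall back to the existing search (or return NULL) when the entry was not tagged in the first pass. Separately, the STRUCT_ENTRY line was wrapped by the mailer ("+ offset));" has lost its "> " prefix), so the patch will not apply as posted; resending it as an attachment or as a unified diff would avoid that.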
496a507,512
> /*+PCD
> * Load the offset to the chain entry relative to the
> * ipt entry into the ipt entry comefrom field.
> */
> 		e->comefrom = (char *)h->chains.prev - (char *)e;
> /*-PCD*/
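Review bot: The assignment "e->comefrom = (char *)h->chains.prev - (char *)e;" stores the difference between a list node pointer and a pointer into the entry table. Unless both live in the same allocation, that difference is not bounded by the table size, can be negative, and is pointer-width, so it needs to be confirmed that comefrom can hold it without truncation, particularly on 64-bit builds. Storing a chain index, or keeping the offset-to-chain mapping in a side table, avoids the problem. The reader in the previous hunk casts the result straight to struct chain_head *, which is only correct if the list member is the first field of that struct. The hunk also does not show that the store is limited to the first rule of a user-defined chain as the description says, or whether any later consumer of the entry depends on the comefrom value that is overwritten here.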



