* [PATCH nft 1/2] mnl: larger receive socket buffer for netlink errors
@ 2020-09-14 10:09 Pablo Neira Ayuso
2020-09-14 10:09 ` [PATCH nft 2/2] libnftables: avoid repeated command list traversal on errors Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2020-09-14 10:09 UTC (permalink / raw)
To: netfilter-devel
Assume that each failing command in the batch produces a netlink error notification of about 1k, and size the receive buffer accordingly also when the --echo flag is not set, following the reasoning in 860671662d3f ("mnl: fix --echo buffer size again").
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/mnl.c | 21 +++++----------------
1 file changed, 5 insertions(+), 16 deletions(-)
diff --git a/src/mnl.c b/src/mnl.c
index ca4f4b2acda9..6699b917c450 100644
--- a/src/mnl.c
+++ b/src/mnl.c
@@ -273,24 +273,16 @@ static int mnl_set_rcvbuffer(const struct mnl_socket *nl, socklen_t bufsiz)
return ret;
}
-static size_t mnl_nft_batch_to_msg(struct netlink_ctx *ctx, struct msghdr *msg,
- const struct sockaddr_nl *snl,
- struct iovec *iov, unsigned int iov_len)
+static void mnl_nft_batch_to_msg(struct netlink_ctx *ctx, struct msghdr *msg,
+ const struct sockaddr_nl *snl,
+ struct iovec *iov, unsigned int iov_len)
{
- unsigned int i;
- size_t len = 0;
-
msg->msg_name = (struct sockaddr_nl *)snl;
msg->msg_namelen = sizeof(*snl);
msg->msg_iov = iov;
msg->msg_iovlen = iov_len;
nftnl_batch_iovec(ctx->batch, iov, iov_len);
-
- for (i = 0; i < iov_len; i++)
- len += msg->msg_iov[i].iov_len;
-
- return len;
}
static ssize_t mnl_nft_socket_sendmsg(struct netlink_ctx *ctx,
@@ -385,7 +377,6 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list,
struct iovec iov[iov_len];
struct msghdr msg = {};
unsigned int rcvbufsiz;
- size_t batch_size;
fd_set readfds;
static mnl_cb_t cb_ctl_array[NLMSG_MIN_TYPE] = {
[NLMSG_ERROR] = mnl_batch_extack_cb,
@@ -397,14 +388,12 @@ int mnl_batch_talk(struct netlink_ctx *ctx, struct list_head *err_list,
mnl_set_sndbuffer(ctx->nft->nf_sock, ctx->batch);
- batch_size = mnl_nft_batch_to_msg(ctx, &msg, &snl, iov, iov_len);
+ mnl_nft_batch_to_msg(ctx, &msg, &snl, iov, iov_len);
+ rcvbufsiz = num_cmds * 1024;
if (nft_output_echo(&ctx->nft->output)) {
- rcvbufsiz = num_cmds * 1024;
if (rcvbufsiz < NFT_MNL_ECHO_RCVBUFF_DEFAULT)
rcvbufsiz = NFT_MNL_ECHO_RCVBUFF_DEFAULT;
- } else {
- rcvbufsiz = num_cmds * div_round_up(batch_size, num_cmds) * 4;
}
mnl_set_rcvbuffer(ctx->nft->nf_sock, rcvbufsiz);
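Review bot: `rcvbufsiz = num_cmds * 1024;` is evaluated in `unsigned int` (the `unsigned int rcvbufsiz;` declaration in the previous hunk) with no overflow guard, so a batch larger than UINT_MAX/1024 commands wraps to a small value and the socket ends up with far less room than the commit intends; clamping first, `rcvbufsiz = num_cmds > UINT_MAX / 1024 ? UINT_MAX : num_cmds * 1024;`, keeps the request sane and lets mnl_set_rcvbuffer (not visible here) decide what the kernel actually grants. The non-echo path also loses the floor it previously derived from `batch_size`, so a one-command batch now asks for exactly 1024 bytes, which is below the echo default enforced a few lines later. The 1k-per-error assumption lives only in the commit message; a comment on the assignment, `/* assume at most ~1k of NLMSG_ERROR/extack payload per failed command */`, would make the sizing rule visible to whoever next adjusts it, and the assumption deserves checking if error replies ever carry the full offending request rather than a capped header.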
--
2.20.1
* [PATCH nft 2/2] libnftables: avoid repeated command list traversal on errors
2020-09-14 10:09 [PATCH nft 1/2] mnl: larger receive socket buffer for netlink errors Pablo Neira Ayuso
@ 2020-09-14 10:09 ` Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2020-09-14 10:09 UTC (permalink / raw)
To: netfilter-devel
From: Jindrich Makovicka <makovick@gmail.com>
Because the command seqnums are monotonic, repeated traversals
of the cmds list from the beginning are not necessary as long as
the error seqnums are also monotonic.
Signed-off-by: Jindrich Makovicka <makovick@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
via netfilter's bugzilla.
src/libnftables.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/libnftables.c b/src/libnftables.c
index fce52ad4003b..a180a9a30b3d 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -21,7 +21,7 @@ static int nft_netlink(struct nft_ctx *nft,
struct list_head *cmds, struct list_head *msgs,
struct mnl_socket *nf_sock)
{
- uint32_t batch_seqnum, seqnum = 0, num_cmds = 0;
+ uint32_t batch_seqnum, seqnum = 0, last_seqnum = UINT32_MAX, num_cmds = 0;
struct netlink_ctx ctx = {
.nft = nft,
.msgs = msgs,
@@ -65,7 +65,14 @@ static int nft_netlink(struct nft_ctx *nft,
ret = -1;
list_for_each_entry_safe(err, tmp, &err_list, head) {
- list_for_each_entry(cmd, cmds, list) {
+ /* cmd seqnums are monotonic: only reset the starting position
+ * if the error seqnum is lower than the previous one.
+ */
+ if (err->seqnum < last_seqnum)
+ cmd = list_first_entry(cmds, struct cmd, list);
+
+ list_for_each_entry_from(cmd, cmds, list) {
+ last_seqnum = cmd->seqnum;
if (err->seqnum == cmd->seqnum ||
err->seqnum == batch_seqnum) {
nft_cmd_error(&ctx, cmd, err);
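Review bot: The sentinel `last_seqnum = UINT32_MAX` collides with a legitimate sequence number: an error whose seqnum is UINT32_MAX fails the `err->seqnum < last_seqnum` test on the very first iteration, and `list_for_each_entry_from` then continues from `cmd`, which at that point has not been assigned by this loop (unless its declaration, outside the hunk, initialises it). A dedicated flag removes the ambiguity: declare `bool rewind = true;` next to `last_seqnum`, test `if (rewind || err->seqnum < last_seqnum)`, and clear it with `rewind = false;` right after the `list_first_entry` assignment, setting it again wherever the position is invalidated. Worth a comment as well: an error matching `batch_seqnum` is now attributed to whichever command the cursor currently sits on, whereas before this patch it always landed on the first command. The body of the `list_for_each_entry_safe` loop continues past the end of this hunk.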
@@ -76,6 +83,11 @@ static int nft_netlink(struct nft_ctx *nft,
}
}
}
+
+ if (&cmd->list == cmds) {
+ /* not found, rewind */
+ last_seqnum = UINT32_MAX;
+ }
}
out:
mnl_batch_reset(ctx.batch);
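Review bot: In the not-found branch only `last_seqnum` is rewound while `cmd` is left pointing at the head container (`&cmd->list == cmds`), which is not a real `struct cmd`; the next error therefore relies entirely on the rewind test in the previous hunk to restore a valid cursor before `list_for_each_entry_from` reads `cmd->seqnum`. Resetting the cursor here too, `cmd = list_first_entry(cmds, struct cmd, list);` alongside the `last_seqnum = UINT32_MAX;` line, keeps the invariant local to this branch so `cmd` is never a dangling head pointer between iterations. `nft_netlink` begins before this hunk.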
--
2.20.1