From: Thomas Haller <thaller@redhat.com>
To: NetFilter <netfilter-devel@vger.kernel.org>
Cc: Thomas Haller <thaller@redhat.com>
Subject: [PATCH nft 2/4] src: add ops_cache struct for caching information during parsing
Date: Fri, 25 Aug 2023 15:24:18 +0200 [thread overview]
Message-ID: <20230825132942.2733840-3-thaller@redhat.com> (raw)
In-Reply-To: <20230825132942.2733840-1-thaller@redhat.com>
The "ops_cache" will be used for caching the current timestamp
(time(NULL)) for the duration of one operation. It will ensure that all
decisions regarding the time, are based on the same timestamp.
Add the struct for that. The content will be added next.
There is already "struct nft_cache", but that seems to have a
different purpose. Hence, instead of extending "struct nft_cache",
add a new "struct ops_cache".
The difficulty is invalidating the cache and finding the right places
to call nft_ctx_reset_ops_cache().
Signed-off-by: Thomas Haller <thaller@redhat.com>
---
include/datatype.h | 8 ++++++++
include/nftables.h | 3 +++
src/evaluate.c | 5 +++--
src/libnftables.c | 17 +++++++++++++++++
4 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/include/datatype.h b/include/datatype.h
index 9ce7359cd340..79d996edd348 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -120,6 +120,13 @@ enum byteorder {
struct expr;
+struct ops_cache {
+};
+
+#define CTX_CACHE_INIT() \
+ { \
+ }
+
/**
* enum datatype_flags
*
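Review bot: The added `struct ops_cache { };` and the empty-brace `CTX_CACHE_INIT()` initializer are not ISO C before C23; an empty struct and an empty initializer list compile only as GNU extensions, so this intermediate commit depends on the compiler accepting them until the follow-up patch adds members. The macro name also does not match the type it initializes; `#define OPS_CACHE_INIT() { 0 }` would be easier to grep for once the struct has content. A short comment above the struct saying that it holds per-operation values and must be reset between operations would document the invariant the commit message describes.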
@@ -182,6 +189,7 @@ struct datatype *dtype_clone(const struct datatype *orig_dtype);
struct parse_ctx {
struct symbol_tables *tbl;
const struct input_ctx *input;
+ struct ops_cache *ops_cache;
};
extern struct error_record *symbol_parse(struct parse_ctx *ctx,
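Review bot: The new `ops_cache` pointer in `struct parse_ctx` has no stated ownership or nullability, and the same applies to the member added to `struct output_ctx` in include/nftables.h. From the visible hunks both point into `struct nft_ctx`, so they are borrowed and must not outlive that context. Any `parse_ctx` not built through `parse_ctx_init()` would presumably leave the pointer NULL. A field comment such as `/* borrowed from nft_ctx; NULL means no caching, readers must check */` would tell later users of the cache what they may assume.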
diff --git a/include/nftables.h b/include/nftables.h
index 219a10100206..b0a7f2f874ca 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -6,6 +6,7 @@
#include <utils.h>
#include <cache.h>
#include <nftables/libnftables.h>
+#include <datatype.h>
struct cookie {
FILE *fp;
@@ -47,6 +48,7 @@ struct output_ctx {
struct cookie error_cookie;
};
struct symbol_tables tbl;
+ struct ops_cache *ops_cache;
};
static inline bool nft_output_reversedns(const struct output_ctx *octx)
@@ -136,6 +138,7 @@ struct nft_ctx {
struct output_ctx output;
bool check;
struct nft_cache cache;
+ struct ops_cache ops_cache;
uint32_t flags;
uint32_t optimize_flags;
struct parser_state *state;
diff --git a/src/evaluate.c b/src/evaluate.c
index fdd2433b4780..ea910786f3e4 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -43,8 +43,9 @@
static struct parse_ctx *parse_ctx_init(struct parse_ctx *parse_ctx, const struct eval_ctx *ctx)
{
struct parse_ctx tmp = {
- .tbl = &ctx->nft->output.tbl,
- .input = &ctx->nft->input,
+ .tbl = &ctx->nft->output.tbl,
+ .input = &ctx->nft->input,
+ .ops_cache = &ctx->nft->ops_cache,
};
/* "tmp" only exists, so we can search for "/struct parse_ctx .*=/" and find the location
diff --git a/src/libnftables.c b/src/libnftables.c
index 9c802ec95f27..e520bac76dfa 100644
--- a/src/libnftables.c
+++ b/src/libnftables.c
@@ -19,6 +19,15 @@
#include <stdlib.h>
#include <string.h>
+static void nft_ctx_reset_ops_cache(struct nft_ctx *ctx)
+{
+ ctx->ops_cache = (struct ops_cache) CTX_CACHE_INIT();
+
+ /* The cache is also referenced by the output context. Set
+ * up the pointer. */
+ ctx->output.ops_cache = &ctx->ops_cache;
+}
+
static int nft_netlink(struct nft_ctx *nft,
struct list_head *cmds, struct list_head *msgs)
{
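Review bot: `ctx->output.ops_cache` is only assigned inside `nft_ctx_reset_ops_cache()`, so it stays unset from context creation until the first reset call. The diffstat shows no change to the context constructor. If any output path can run before `nft_evaluate()` or `nft_netlink()`, it would see a NULL cache pointer, and later patches that dereference it would need a guard. Setting `ctx->output.ops_cache = &ctx->ops_cache;` once where the context is allocated, and letting the reset function only clear the contents, removes that window. It also keeps the self-referential pointer in one place, which matters if `struct nft_ctx` or its `output` member is ever copied by value.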
@@ -37,6 +46,8 @@ static int nft_netlink(struct nft_ctx *nft,
if (list_empty(cmds))
goto out;
+ nft_ctx_reset_ops_cache(nft);
+
batch_seqnum = mnl_batch_begin(ctx.batch, mnl_seqnum_alloc(&seqnum));
list_for_each_entry(cmd, cmds, list) {
ctx.seqnum = cmd->seqnum = mnl_seqnum_alloc(&seqnum);
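Review bot: Resetting the cache here and again at the top of `nft_evaluate()` (the -522 hunk) puts evaluation and the netlink batch of one command run in two separate cache epochs, which seems at odds with the stated goal that all time-based decisions in one operation share a timestamp. If the resets on the exit paths (the -630 and -740 hunks) are what bound an operation, the two entry resets look redundant. If they exist because other callers reach these functions without passing through those exits, that should be stated. A comment at each call, for example `/* operation boundary: drop cached time so a long-lived ctx never reuses a stale value */`, would make the intended invalidation points reviewable. `nft_netlink()` continues outside this hunk, so the other callers are not visible here.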
@@ -522,6 +533,8 @@ static int nft_evaluate(struct nft_ctx *nft, struct list_head *msgs,
unsigned int flags;
int err = 0;
+ nft_ctx_reset_ops_cache(nft);
+
filter = nft_cache_filter_init();
if (nft_cache_evaluate(nft, cmds, msgs, filter, &flags) < 0) {
nft_cache_filter_fini(filter);
@@ -630,6 +643,8 @@ err:
if (rc || nft->check)
nft_cache_release(&nft->cache);
+ nft_ctx_reset_ops_cache(nft);
+
return rc;
}
@@ -740,6 +755,8 @@ err:
scope_release(nft->state->scopes[0]);
+ nft_ctx_reset_ops_cache(nft);
+
return rc;
}
--
2.41.0
2023-08-25 13:24 [PATCH nft 0/4] add operation cache for timestamp Thomas Haller
2023-08-25 13:24 ` [PATCH nft 1/4] evaluate: add and use parse_ctx_init() helper method Thomas Haller
2023-08-25 13:24 ` Thomas Haller [this message]
2023-08-28 15:00 ` [PATCH nft 2/4] src: add ops_cache struct for caching information during parsing Pablo Neira Ayuso
2023-08-25 13:24 ` [PATCH nft 3/4] src: cache result of time() during parsing/output Thomas Haller
2023-08-28 15:02 ` Pablo Neira Ayuso
2023-08-25 13:24 ` [PATCH nft 4/4] src: cache GMT offset for current time " Thomas Haller
2023-08-29 15:38 ` [PATCH nft 0/4] add operation cache for timestamp Pablo Neira Ayuso