libiptc caching to speed up find_label().
Makefile distrib target for userspace.
diff --git a/Makefile b/Makefile
index 6090e4f..e142db4 100644
--- a/Makefile
+++ b/Makefile
@@ -4,14 +4,15 @@
ifndef KERNEL_DIR
KERNEL_DIR=/usr/src/linux
endif
-NETFILTER_VERSION:=1.0.0alpha
+NETFILTER_VERSION:=1.0.0beta
+OLD_NETFILTER_VERSION:=1.0.0alpha
LIBDIR:=/usr/local/lib
BINDIR:=/usr/local/bin
MANDIR:=/usr/local/man
-COPT_FLAGS:=-O
-CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" -g
+COPT_FLAGS:=-O2
+CFLAGS:=$(COPT_FLAGS) -Wall -Wunused -Iinclude/ -I$(KERNEL_DIR)/include -DNETFILTER_VERSION=\"$(NETFILTER_VERSION)\" #-g -pg
DEPFILES := $(SHARED_LIBS:%.so=%.d)
SH_CFLAGS:=$(CFLAGS) -fPIC
@@ -59,6 +60,33 @@
iptables-standalone.d iptables.d: %.d: %.c
@-$(CC) -M -MG $(CFLAGS) $< | sed -e 's@^.*\.o:@$*.d $*.o:@' > $@
+
+# Rusty's distro magic.
+distrib: check nowhitespace distclean delrelease /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2 diff md5sums
+
+# Makefile must not define:
+# -g -pg
+check:
+ @if echo $(CFLAGS) | egrep 'DEBUG|-g|-pg' >/dev/null; then echo Remove debugging flags; exit 1; else exit 0; fi
+
+nowhitespace:
+ @if grep -n ' $$' `find . -name 'Makefile' -o -name '*.[ch]'`; then exit 1; else exit 0; fi
+
+delrelease:
+ rm -f /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2
+
+/home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2:
+ cd .. && ln -sf userspace iptables-$(NETFILTER_VERSION) && tar cvf - --exclude CVS --exclude iptables-$(NETFILTER_VERSION)/. | bzip2 -9 > $@ && rm iptables-$(NETFILTER_VERSION)
+
+diff: /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2
+ @mkdir /tmp/diffdir
+ @cd /tmp/diffdir && tar xfI /home/public/netfilter/iptables-$(NETFILTER_VERSION).tar.bz2
+ @set -e; cd /tmp/diffdir; tar xfI /home/public/netfilter/iptables-$(OLD_NETFILTER_VERSION).tar.bz2; echo Creating patch-iptables-$(OLD_NETFILTER_VERSION)-$(NETFILTER_VERSION).bz2; diff -urN iptables-$(OLD_NETFILTER_VERSION) iptables-$(NETFILTER_VERSION) | bzip2 -9 > /home/public/netfilter/patch-iptables-$(OLD_NETFILTER_VERSION)-$(NETFILTER_VERSION).bz2
+ @rm -rf /tmp/diffdir
+
+md5sums:
+ cd /home/public/netfilter/ && md5sum patch-iptables-*-$(NETFILTER_VERSION).bz2 iptables-$(NETFILTER_VERSION).tar.bz2
+
# $(wildcard) fails wierdly with make v.3.78.1.
include $(shell echo */Makefile)
include Rules.make
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 3d7e365..bc235fb 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -69,11 +69,24 @@
/* Array of hook names */
const char **hooknames;
+ /* This was taking us ~50 seconds to list 300 rules. */
+ /* Cached: last find_label result */
+ char cache_label_name[IPT_TABLE_MAXNAMELEN];
+ int cache_label_return;
+ unsigned int cache_label_offset;
+
/* Number in here reflects current state. */
unsigned int new_number;
struct ipt_get_entries entries;
};
+static void
+set_changed(iptc_handle_t h)
+{
+ h->cache_label_name[0] = '\0';
+ h->changed = 1;
+}
+
static void do_check(iptc_handle_t h, unsigned int line);
#define CHECK(h) do_check((h), __LINE__)
@@ -178,6 +191,7 @@
}
h->changed = 0;
+ h->cache_label_name[0] = '\0';
h->counter_map = (void *)h
+ sizeof(struct iptc_handle)
+ size;
@@ -376,6 +390,13 @@
{
unsigned int i;
+ /* Cached? */
+ if (handle->cache_label_name[0]
+ && strcmp(name, handle->cache_label_name) == 0) {
+ *off = handle->cache_label_offset;
+ return handle->cache_label_return;
+ }
+
/* Builtin chain name? */
i = iptc_builtin(name, handle);
if (i != 0) {
@@ -388,10 +409,16 @@
if (IPT_ENTRY_ITERATE(handle->entries.entries, handle->entries.size,
find_user_label, off, name) != 0) {
/* last error node doesn't count */
- if (*off != handle->entries.size)
+ if (*off != handle->entries.size) {
+ strcpy(handle->cache_label_name, name);
+ handle->cache_label_offset = *off;
+ handle->cache_label_return = 1;
return 1;
+ }
}
+ strcpy(handle->cache_label_name, name);
+ handle->cache_label_return = 0;
return 0;
}
@@ -651,7 +678,7 @@
correct_verdict, (*handle)->entries.entries,
offset, delta_offset);
- (*handle)->changed = 1;
+ set_changed(*handle);
return 1;
}
@@ -1194,7 +1221,7 @@
if ((*handle)->counter_map[i].maptype ==COUNTER_MAP_NORMAL_MAP)
(*handle)->counter_map[i].maptype = COUNTER_MAP_ZEROED;
}
- (*handle)->changed = 1;
+ set_changed(*handle);
CHECK(*handle);
return 1;
@@ -1382,7 +1409,7 @@
memset(t->error, 0, sizeof(t->error));
strcpy(t->error, newname);
- (*handle)->changed = 1;
+ set_changed(*handle);
CHECK(*handle);
return 1;
@@ -1428,7 +1455,7 @@
}
(*handle)->counter_map[entry2index(*handle, e)]
= ((struct counter_map){ COUNTER_MAP_NOMAP, 0 });
- (*handle)->changed = 1;
+ set_changed(*handle);
CHECK(*handle);
return 1;