nft: Initialize a table only once
This helps to remove some runtime overhead, especially when running
xtables-restore.
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/iptables/nft.c b/iptables/nft.c
index 501c6d8..49322bd 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -436,6 +436,9 @@
struct nft_table *t;
int ret;
+ if (_t->initialized)
+ return 0;
+
t = nft_table_alloc();
if (t == NULL)
return -1;
@@ -464,6 +467,10 @@
if (errno != EEXIST)
perror("mnl-talk:nft_table_init_one");
}
+
+ if (ret == 0 || errno == EEXIST)
+ _t->initialized = true;
+
return ret;
}
@@ -2414,6 +2421,9 @@
uint32_t table_family, chain_family;
bool found = false;
+ if (h->restore)
+ return 0;
+
if (xtables_config_parse(filename, table_list, chain_list) < 0) {
if (errno == ENOENT) {
xtables_config_perror(flags,
diff --git a/iptables/nft.h b/iptables/nft.h
index 3b58d51..c31371c 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -22,6 +22,7 @@
struct builtin_table {
const char *name;
struct builtin_chain chains[NF_INET_NUMHOOKS];
+ bool initialized;
};
struct nft_handle {
