netfilter/queue: introduce nfnl_queue_msg_send_verdict_batch()
The batched verdict implicitely ACKs all queue packet IDs up to the one send back, which reduces the number of verdict messages send to the kernel. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Thomas Graf <tgraf@suug.ch>
This commit is contained in:
parent
34a96ba5c2
commit
d612180cda
|
@ -93,6 +93,8 @@ extern unsigned int nfnl_queue_msg_get_verdict(const struct nfnl_queue_msg *);
|
||||||
extern struct nl_msg * nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *);
|
extern struct nl_msg * nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *);
|
||||||
extern int nfnl_queue_msg_send_verdict(struct nl_sock *,
|
extern int nfnl_queue_msg_send_verdict(struct nl_sock *,
|
||||||
const struct nfnl_queue_msg *);
|
const struct nfnl_queue_msg *);
|
||||||
|
extern int nfnl_queue_msg_send_verdict_batch(struct nl_sock *,
|
||||||
|
const struct nfnl_queue_msg *);
|
||||||
extern int nfnl_queue_msg_send_verdict_payload(struct nl_sock *,
|
extern int nfnl_queue_msg_send_verdict_payload(struct nl_sock *,
|
||||||
const struct nfnl_queue_msg *,
|
const struct nfnl_queue_msg *,
|
||||||
const void *, unsigned );
|
const void *, unsigned );
|
||||||
|
|
|
@ -199,6 +199,12 @@ nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *msg)
|
||||||
return __nfnl_queue_msg_build_verdict(msg, NFQNL_MSG_VERDICT);
|
return __nfnl_queue_msg_build_verdict(msg, NFQNL_MSG_VERDICT);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
struct nl_msg *
|
||||||
|
nfnl_queue_msg_build_verdict_batch(const struct nfnl_queue_msg *msg)
|
||||||
|
{
|
||||||
|
return __nfnl_queue_msg_build_verdict(msg, NFQNL_MSG_VERDICT_BATCH);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Send a message verdict/mark
|
* Send a message verdict/mark
|
||||||
* @arg nlh netlink messsage header
|
* @arg nlh netlink messsage header
|
||||||
|
@ -222,6 +228,29 @@ int nfnl_queue_msg_send_verdict(struct nl_sock *nlh,
|
||||||
return wait_for_ack(nlh);
|
return wait_for_ack(nlh);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Send a message batched verdict/mark
|
||||||
|
* @arg nlh netlink messsage header
|
||||||
|
* @arg msg queue msg
|
||||||
|
* @return 0 on OK or error code
|
||||||
|
*/
|
||||||
|
int nfnl_queue_msg_send_verdict_batch(struct nl_sock *nlh,
|
||||||
|
const struct nfnl_queue_msg *msg)
|
||||||
|
{
|
||||||
|
struct nl_msg *nlmsg;
|
||||||
|
int err;
|
||||||
|
|
||||||
|
nlmsg = nfnl_queue_msg_build_verdict_batch(msg);
|
||||||
|
if (nlmsg == NULL)
|
||||||
|
return -NLE_NOMEM;
|
||||||
|
|
||||||
|
err = nl_send_auto_complete(nlh, nlmsg);
|
||||||
|
nlmsg_free(nlmsg);
|
||||||
|
if (err < 0)
|
||||||
|
return err;
|
||||||
|
return wait_for_ack(nlh);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Send a message verdict including the payload
|
* Send a message verdict including the payload
|
||||||
* @arg nlh netlink messsage header
|
* @arg nlh netlink messsage header
|
||||||
|
|
Reference in New Issue