From d612180cda43606425c3476e13a6076b6271d27a Mon Sep 17 00:00:00 2001 From: Holger Eitzenberger Date: Wed, 19 Jun 2013 15:23:15 +0200 Subject: [PATCH] netfilter/queue: introduce nfnl_queue_msg_send_verdict_batch() The batched verdict implicitely ACKs all queue packet IDs up to the one send back, which reduces the number of verdict messages send to the kernel. Signed-off-by: Holger Eitzenberger Signed-off-by: Thomas Graf --- include/netlink/netfilter/queue_msg.h | 2 ++ lib/netfilter/queue_msg.c | 29 +++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/include/netlink/netfilter/queue_msg.h b/include/netlink/netfilter/queue_msg.h index 24ed081..9befee7 100644 --- a/include/netlink/netfilter/queue_msg.h +++ b/include/netlink/netfilter/queue_msg.h @@ -93,6 +93,8 @@ extern unsigned int nfnl_queue_msg_get_verdict(const struct nfnl_queue_msg *); extern struct nl_msg * nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *); extern int nfnl_queue_msg_send_verdict(struct nl_sock *, const struct nfnl_queue_msg *); +extern int nfnl_queue_msg_send_verdict_batch(struct nl_sock *, + const struct nfnl_queue_msg *); extern int nfnl_queue_msg_send_verdict_payload(struct nl_sock *, const struct nfnl_queue_msg *, const void *, unsigned ); diff --git a/lib/netfilter/queue_msg.c b/lib/netfilter/queue_msg.c index dc92fce..1425577 100644 --- a/lib/netfilter/queue_msg.c +++ b/lib/netfilter/queue_msg.c @@ -199,6 +199,12 @@ nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *msg) return __nfnl_queue_msg_build_verdict(msg, NFQNL_MSG_VERDICT); } +struct nl_msg * +nfnl_queue_msg_build_verdict_batch(const struct nfnl_queue_msg *msg) +{ + return __nfnl_queue_msg_build_verdict(msg, NFQNL_MSG_VERDICT_BATCH); +} + /** * Send a message verdict/mark * @arg nlh netlink messsage header @@ -222,6 +228,29 @@ int nfnl_queue_msg_send_verdict(struct nl_sock *nlh, return wait_for_ack(nlh); } +/** +* Send a message batched verdict/mark +* @arg nlh netlink messsage header +* @arg msg queue msg +* @return 0 on OK or error code +*/ +int nfnl_queue_msg_send_verdict_batch(struct nl_sock *nlh, + const struct nfnl_queue_msg *msg) +{ + struct nl_msg *nlmsg; + int err; + + nlmsg = nfnl_queue_msg_build_verdict_batch(msg); + if (nlmsg == NULL) + return -NLE_NOMEM; + + err = nl_send_auto_complete(nlh, nlmsg); + nlmsg_free(nlmsg); + if (err < 0) + return err; + return wait_for_ack(nlh); +} + /** * Send a message verdict including the payload * @arg nlh netlink messsage header -- 2.40.0