netfilter/queue: introduce nfnl_queue_msg_send_verdict_batch()

The batched verdict implicitely ACKs all queue packet IDs up to the one send back, which reduces the number of verdict messages send to the kernel. Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org> Signed-off-by: Thomas Graf <tgraf@suug.ch>
2013-06-19 15:23:15 +02:00 · 2013-06-19 15:23:15 +02:00 · d612180cda
commit d612180cda
parent 34a96ba5c2
2 changed files with 31 additions and 0 deletions
--- a/include/netlink/netfilter/queue_msg.h
+++ b/include/netlink/netfilter/queue_msg.h
@ -93,6 +93,8 @@ extern unsigned int		nfnl_queue_msg_get_verdict(const struct nfnl_queue_msg *);
 extern struct nl_msg *		nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *);
 extern int			nfnl_queue_msg_send_verdict(struct nl_sock *,
 							    const struct nfnl_queue_msg *);
+extern int			nfnl_queue_msg_send_verdict_batch(struct nl_sock *,
+							    const struct nfnl_queue_msg *);
 extern int			nfnl_queue_msg_send_verdict_payload(struct nl_sock *,
 						const struct nfnl_queue_msg *,
 						const void *, unsigned );
--- a/lib/netfilter/queue_msg.c
+++ b/lib/netfilter/queue_msg.c
@ -199,6 +199,12 @@ nfnl_queue_msg_build_verdict(const struct nfnl_queue_msg *msg)
 	return __nfnl_queue_msg_build_verdict(msg, NFQNL_MSG_VERDICT);
 }

+struct nl_msg *
+nfnl_queue_msg_build_verdict_batch(const struct nfnl_queue_msg *msg)
+{
+	return __nfnl_queue_msg_build_verdict(msg, NFQNL_MSG_VERDICT_BATCH);
+}
+
 /**
 * Send a message verdict/mark
 * @arg nlh            netlink messsage header
@ -222,6 +228,29 @@ int nfnl_queue_msg_send_verdict(struct nl_sock *nlh,
 	return wait_for_ack(nlh);
 }

+/**
+* Send a message batched verdict/mark
+* @arg nlh            netlink messsage header
+* @arg msg            queue msg
+* @return 0 on OK or error code
+*/
+int nfnl_queue_msg_send_verdict_batch(struct nl_sock *nlh,
+									  const struct nfnl_queue_msg *msg)
+{
+	struct nl_msg *nlmsg;
+	int err;
+
+	nlmsg = nfnl_queue_msg_build_verdict_batch(msg);
+	if (nlmsg == NULL)
+		return -NLE_NOMEM;
+
+	err = nl_send_auto_complete(nlh, nlmsg);
+	nlmsg_free(nlmsg);
+	if (err < 0)
+		return err;
+	return wait_for_ack(nlh);
+}
+
 /**
 * Send a message verdict including the payload
 * @arg nlh            netlink messsage header