On Wed, May 22, 2024 at 23:13:33 -0400, Laine Stump wrote:
iifname/oifname need to lookup the string that contains the name of
the interface each time a packet is checked, while iif/oif compare the
ifindex of the interface, which is included directly in the
packet. Conveniently, the rule is created using the *name* of the
interface (which gets converted to ifindex as the rule is added), so
no extra work is required other than changing the commandline option.
If it was the case that the interface could be deleted and re-added
during the life of the rule, we would have to use Xifname (since
deleting and re-adding the interface would result in ifindex
changing), but for our uses this never happens, so Xif works for us,
and undoubtedly improves performance by at least 0.0000001%.
Signed-off-by: Laine Stump <laine(a)redhat.com>
---
src/network/network_nftables.c | 28 +++++++++----------
.../nat-default-linux.nftables | 12 ++++----
.../nat-ipv6-linux.nftables | 24 ++++++++--------
.../nat-ipv6-masquerade-linux.nftables | 24 ++++++++--------
.../nat-many-ips-linux.nftables | 20 ++++++-------
.../nat-no-dhcp-linux.nftables | 24 ++++++++--------
.../nat-tftp-linux.nftables | 12 ++++----
.../route-default-linux.nftables | 12 ++++----
8 files changed, 78 insertions(+), 78 deletions(-)
Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>