Bug 1835300

Summary: Fix for poor performance of JSON API echo support when adding many elements
Product: Red Hat Enterprise Linux 8 Reporter: Phil Sutter <psutter>
Component: nftablesAssignee: Phil Sutter <psutter>
Status: CLOSED ERRATA QA Contact: Jiri Peska <jpeska>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.3CC: egarver, jpeska, todoleza
Target Milestone: rc   
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nftables-0.9.3-14.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1900565 (view as bug list) Environment:
Last Closed: 2020-11-04 01:58:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1900565    

Description Phil Sutter 2020-05-13 15:02:25 UTC 
In original report (bug 1834853), firewalld got stuck loading a huge blacklist. Problem stems from libnftables JSON API doing pointless work for returned 'add element' command netlink messages instead of continuing right away. Fix sent upstream:

https://marc.info/?l=netfilter-devel&m=158938069717763&w=2
Comment 1 Phil Sutter 2020-05-13 15:23:39 UTC 
*** Bug 1835315 has been marked as a duplicate of this bug. ***
Comment 2 Phil Sutter 2020-05-14 11:12:16 UTC 
Upstream commit to backport:

commit c96c7da272e33a34770c4de4e3e50f7ed264672e
Author: Phil Sutter <phil>
Date:   Wed May 13 16:29:51 2020 +0200

    JSON: Improve performance of json_events_cb()
    
    The function tries to insert handles into JSON input for echo option.
    Yet there may be nothing to do if the given netlink message doesn't
    contain a handle, e.g. if it is an 'add element' command. Calling
    seqnum_to_json() is pointless overhead in that case, and if input is
    large this overhead is significant. Better wait with that call until
    after checking if the message is relevant at all.
    
    Signed-off-by: Phil Sutter <phil>
    Acked-by: Eric Garver <eric>
Comment 8 errata-xmlrpc 2020-11-04 01:58:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nftables bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4535