The chain list is obtained if the user requests a listing.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/rule.c | 61 ++++++++++++++++++++++--------------------------------------
1 file changed, 22 insertions(+), 39 deletions(-)
diff --git a/src/rule.c b/src/rule.c
index 8461461..b7c834f 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -67,7 +67,7 @@ static int cache_init_tables(struct netlink_ctx *ctx, struct handle *h)
return 0;
}
-static int cache_init_objects(struct netlink_ctx *ctx)
+static int cache_init_objects(struct netlink_ctx *ctx, enum cmd_ops cmd)
{
struct table *table;
int ret;
@@ -79,6 +79,24 @@ static int cache_init_objects(struct netlink_ctx *ctx)
if (ret < 0)
return -1;
+
+ /* Skip caching other objects to speed up things: We only need
+ * a full cache when listing the existing ruleset or renaming
+ * a chain.
+ */
+ switch (cmd) {
+ case CMD_LIST:
+ case CMD_RENAME:
+ break;
+ default:
+ continue;
+ }
+
+ ret = netlink_list_chains(ctx, &table->handle,
+ &internal_location);
+ if (ret < 0)
+ return -1;
+ list_splice_tail_init(&ctx->list, &table->chains);
}
return 0;
}
@@ -98,7 +116,7 @@ static int cache_init(enum cmd_ops cmd, struct list_head *msgs)
ret = cache_init_tables(&ctx, &handle);
if (ret < 0)
return ret;
- ret = cache_init_objects(&ctx);
+ ret = cache_init_objects(&ctx, cmd);
if (ret < 0)
return ret;
@@ -929,22 +947,6 @@ static int do_command_export(struct netlink_ctx *ctx, struct cmd *cmd)
return 0;
}
-static void table_cleanup(struct table *table)
-{
- struct chain *chain, *nchain;
- struct set *set, *nset;
-
- list_for_each_entry_safe(chain, nchain, &table->chains, list) {
- list_del(&chain->list);
- chain_free(chain);
- }
-
- list_for_each_entry_safe(set, nset, &table->sets, list) {
- list_del(&set->list);
- set_free(set);
- }
-}
-
static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd,
struct table *table)
{
@@ -952,30 +954,16 @@ static int do_list_table(struct netlink_ctx *ctx, struct cmd *cmd,
struct chain *chain;
if (do_list_sets(ctx, &cmd->location, table) < 0)
- goto err;
- if (netlink_list_chains(ctx, &cmd->handle, &cmd->location) < 0)
- goto err;
- list_splice_tail_init(&ctx->list, &table->chains);
+ return -1;
if (netlink_list_table(ctx, &cmd->handle, &cmd->location) < 0)
- goto err;
+ return -1;
list_for_each_entry_safe(rule, nrule, &ctx->list, list) {
- table = table_lookup(&rule->handle);
chain = chain_lookup(table, &rule->handle);
- if (chain == NULL) {
- chain = chain_alloc(rule->handle.chain);
- chain_add_hash(chain, table);
- }
-
list_move_tail(&rule->list, &chain->rules);
}
-
table_print(table);
- table_cleanup(table);
return 0;
-err:
- table_cleanup(table);
- return -1;
}
static int do_list_sets_global(struct netlink_ctx *ctx, struct cmd *cmd)
@@ -1092,14 +1080,9 @@ static int do_command_rename(struct netlink_ctx *ctx, struct cmd *cmd)
{
struct table *table = table_lookup(&cmd->handle);
struct chain *chain;
- int err;
switch (cmd->obj) {
case CMD_OBJ_CHAIN:
- err = netlink_get_chain(ctx, &cmd->handle, &cmd->location);
- if (err < 0)
- return err;
- list_splice_tail_init(&ctx->list, &table->chains);
chain = chain_lookup(table, &cmd->handle);
return netlink_rename_chain(ctx, &chain->handle, &cmd->location,
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
