[PATCH iptables 2/4] nft: move chain_cache back to struct nft_handle

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Place this back into the structure that stores the state information.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 iptables/nft.c | 26 +++++++++++++-------------
 iptables/nft.h |  4 +++-
 2 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index db86f97c6d29..6852def381dd 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -809,14 +809,14 @@ static void flush_chain_cache(struct nft_handle *h, const char *tablename)
 		if (tablename && strcmp(h->tables[i].name, tablename))
 			continue;
 
-		if (h->tables[i].chain_cache) {
+		if (h->table[i].chain_cache) {
 			if (tablename) {
-				nftnl_chain_list_foreach(h->tables[i].chain_cache,
+				nftnl_chain_list_foreach(h->table[i].chain_cache,
 							 __flush_chain_cache, NULL);
 				break;
 			} else {
-				nftnl_chain_list_free(h->tables[i].chain_cache);
-				h->tables[i].chain_cache = NULL;
+				nftnl_chain_list_free(h->table[i].chain_cache);
+				h->table[i].chain_cache = NULL;
 			}
 		}
 	}
@@ -1303,13 +1303,13 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
 	if (!t)
 		goto out;
 
-	if (!t->chain_cache) {
-		t->chain_cache = nftnl_chain_list_alloc();
-		if (!t->chain_cache)
+	if (!h->table[t->type].chain_cache) {
+		h->table[t->type].chain_cache = nftnl_chain_list_alloc();
+		if (!h->table[t->type].chain_cache)
 			goto out;
 	}
 
-	nftnl_chain_list_add_tail(c, t->chain_cache);
+	nftnl_chain_list_add_tail(c, h->table[t->type].chain_cache);
 
 	return MNL_CB_OK;
 out:
@@ -1330,8 +1330,8 @@ struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
 	if (!t)
 		return NULL;
 
-	if (t->chain_cache)
-		return t->chain_cache;
+	if (h->table[t->type].chain_cache)
+		return h->table[t->type].chain_cache;
 retry:
 	nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, h->family,
 					NLM_F_DUMP, h->seq);
@@ -1342,10 +1342,10 @@ retry:
 		goto retry;
 	}
 
-	if (!t->chain_cache)
-		t->chain_cache = nftnl_chain_list_alloc();
+	if (!h->table[t->type].chain_cache)
+		h->table[t->type].chain_cache = nftnl_chain_list_alloc();
 
-	return t->chain_cache;
+	return h->table[t->type].chain_cache;
 }
 
 static const char *policy_name[NF_ACCEPT+1] = {
diff --git a/iptables/nft.h b/iptables/nft.h
index e582a6afcc8f..8cacae7394a3 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -26,7 +26,6 @@ struct builtin_table {
 	enum nft_table_type type;
 	struct builtin_chain chains[NF_INET_NUMHOOKS];
 	bool initialized;
-	struct nftnl_chain_list *chain_cache;
 };
 
 struct nft_handle {
@@ -40,6 +39,9 @@ struct nft_handle {
 	struct list_head	err_list;
 	struct nft_family_ops	*ops;
 	struct builtin_table	*tables;
+	struct {
+		struct nftnl_chain_list *chain_cache;
+	} table[NFT_TABLE_MAX];
 	struct nftnl_rule_list	*rule_cache;
 	bool			restore;
 	int8_t			config_done;
-- 
2.11.0




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux