Use the function where suitable to potentially speedup rule cache lookup by rule number.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index be57aae297f50..3e2fa30650c26 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1970,27 +1970,21 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain *c, void *data, int rulen
 {
 struct nftnl_rule *r;
 struct nftnl_rule_iter *iter;
- int rule_ctr = 0;
 bool found = false;
 
+ if (rulenum >= 0)
+ /* Delete by rule number case */
+ return nftnl_rule_lookup_byindex(c, rulenum);
+
 iter = nftnl_rule_iter_create(c);
 if (iter == NULL)
 return 0;
 
 r = nftnl_rule_iter_next(iter);
 while (r != NULL) {
- if (rulenum >= 0) {
- /* Delete by rule number case */
- if (rule_ctr == rulenum) {
- found = true;
- break;
- }
- } else {
- found = h->ops->rule_find(h->ops, r, data);
- if (found)
- break;
- }
- rule_ctr++;
+ found = h->ops->rule_find(h->ops, r, data);
+ if (found)
+ break;
 r = nftnl_rule_iter_next(iter);
 }
 
@@ -2196,6 +2190,16 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
 struct nftnl_rule *r;
 int rule_ctr = 0;
 
+ if (rulenum > 0) {
+ r = nftnl_rule_lookup_byindex(c, rulenum - 1);
+ if (!r)
+ /* iptables-legacy returns 0 when listing for
+ * valid chain but invalid rule number */
+ return 1;
+ cb(r, rulenum, format);
+ return 1;
+ }
+
 iter = nftnl_rule_iter_create(c);
 if (iter == NULL)
 return 0;
-- 
2.19.0
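Review bot: The early return added to nft_rule_find() passes `rulenum` to nftnl_rule_lookup_byindex() unchanged, while the __nft_rule_list() hunk passes `rulenum - 1`, and neither hunk documents which numbering each function expects. An off-by-one here would act on a different firewall rule than the one the operator named, so the contract deserves a comment above the `if`, e.g. `/* rulenum is zero-based here; the 1-based CLI number is presumably converted by the caller */` (the callers are outside the hunk, so confirm before committing the wording). Moving the existing `/* Delete by rule number case */` comment above the `if` as well would leave the unbraced body as a single statement. The function body continues past the end of the hunk.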
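Review bot: In the `if (!r)` branch added to __nft_rule_list(), the comment says iptables-legacy "returns 0" while the statement directly under it is `return 1;`, which reads as a contradiction. Presumably the 0 is the legacy binary's exit status and 1 is this function's success value; rewording to `/* iptables-legacy exits successfully when a valid chain is listed with an invalid rule number, so report success here too */` and bracing the branch would make that explicit. The two exits could also collapse to `if (r) cb(r, rulenum, format);` followed by a single `return 1;`. The function starts before and continues after the hunk.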