[iptables PATCH v2 12/14] xtables: Make use of nftnl_rule_lookup_byindex()


 



Use the function where suitable to potentially speed up rule cache lookup
by rule number.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index be57aae297f50..3e2fa30650c26 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1970,27 +1970,21 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain *c, void *data, int rulen
 {
 	struct nftnl_rule *r;
 	struct nftnl_rule_iter *iter;
-	int rule_ctr = 0;
 	bool found = false;
 
+	if (rulenum >= 0)
+		/* Delete by rule number case */
+		return nftnl_rule_lookup_byindex(c, rulenum);
+
 	iter = nftnl_rule_iter_create(c);
 	if (iter == NULL)
 		return 0;
 
 	r = nftnl_rule_iter_next(iter);
 	while (r != NULL) {
-		if (rulenum >= 0) {
-			/* Delete by rule number case */
-			if (rule_ctr == rulenum) {
-			    found = true;
-			    break;
-			}
-		} else {
-			found = h->ops->rule_find(h->ops, r, data);
-			if (found)
-				break;
-		}
-		rule_ctr++;
+		found = h->ops->rule_find(h->ops, r, data);
+		if (found)
+			break;
 		r = nftnl_rule_iter_next(iter);
 	}
 
@@ -2196,6 +2190,16 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
 	struct nftnl_rule *r;
 	int rule_ctr = 0;
 
+	if (rulenum > 0) {
+		r = nftnl_rule_lookup_byindex(c, rulenum - 1);
+		if (!r)
+			/* iptables-legacy returns 0 when listing for
+			 * valid chain but invalid rule number */
+			return 1;
+		cb(r, rulenum, format);
+		return 1;
+	}
+
 	iter = nftnl_rule_iter_create(c);
 	if (iter == NULL)
 		return 0;
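Review bot: The comment inside the `if (!r)` branch says iptables-legacy "returns 0" for a valid chain with an invalid rule number, yet the statement it annotates is `return 1;`, so comment and code read as contradictory. Presumably the 0 is the process exit status and 1 is this function's success value; the comment could say so, e.g. `/* iptables-legacy exits successfully when asked to list a non-existent rule number in a valid chain, so report success here too */`. Because both exits of the new block return 1, a caller cannot tell a missing rule from a listed one, which is worth stating as intentional if it is. The unbraced `if` with a comment sitting between condition and body, here and at `if (rulenum >= 0)` in the nft_rule_find hunk, would be less fragile with braces. __nft_rule_list continues outside the hunk, so whether the remaining loop still needs its rule-number filtering cannot be judged from here.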
-- 
2.19.0



