This series mostly implements separate rule caches in each chain (in patch 3) and fixes wrong ordering of rules when restoring dumps containing insert commands (in patch 13) which requires the per chain rule cache. Remaining patches are more or less related. Changes since v1: - Fetch rule cache only if required (patch 3). - Remaining patches unchanged (apart from being reapplied onto changed patch 3). Phil Sutter (14): xtables: Review unclear return points xtables-restore: Review chain handling xtables: Implement per chain rule cache nft: Simplify nftnl_rule_list_chain_save() xtables: Drop nft_chain_list_find() xtables: Optimize flushing a specific chain xtables: Optimize nft_chain_zero_counters() tests: Extend verbose output and return code tests xtables: Optimize nft_chain_user_del() xtables: Optimize nft_rule_list() xtables: Optimize nft_rule_list_save() xtables: Make use of nftnl_rule_lookup_byindex() xtables: Fix for inserting rule at wrong position xtables: Do not change ruleset while listing iptables/nft-shared.h | 2 - iptables/nft.c | 1193 ++++++++--------- iptables/nft.h | 7 +- .../ipt-restore/0003-restore-ordering_0 | 94 ++ .../testcases/iptables/0002-verbose-output_0 | 13 +- .../testcases/iptables/0004-return-codes_0 | 6 + .../testcases/iptables/0005-rule-replace_0 | 38 + iptables/xtables-arp.c | 1 + iptables/xtables-eb.c | 1 + iptables/xtables-restore.c | 73 +- iptables/xtables-save.c | 6 +- iptables/xtables.c | 4 + 12 files changed, 749 insertions(+), 689 deletions(-) create mode 100755 iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0 create mode 100755 iptables/tests/shell/testcases/iptables/0005-rule-replace_0 -- 2.19.0
