This series implements separate rule caches in each chain (in patch 11)
and fixes wrong ordering of rules when restoring dumps containing insert
commands (in patch 20) which requires the per chain rule cache.

About the remaining patches:

- 1 and 2: Cleanups of per table chain caches.
- 3-10: Prerequisites of patch 11.
- 12-14 and 16-19: Optimizations leveraging new libnftnl functions.
- 15: Test verbose output and return codes more thoroughly.
- 21: Avoid alteration of ruleset when listing only.

Changes since v1:
- Fetch rule cache only if required (patch 3).
- Remaining patches unchanged (apart from being reapplied onto changed
  patch 3).

Changes since v2:
- Drop optional rule cache fetching. With sane ruleset sizes, this is
  not worth the effort.
- Extract as many changes from patch 11 into separate ones to ease
  review, drop unrelated changes not worth keeping.

Phil Sutter (21):
  nft: Simplify nftnl_rule_list_chain_save()
  nft: Review unclear return points
  xtables-restore: Review chain handling
  nft: Review is_*_compatible() routines
  nft: Reduce __nft_rule_del() signature
  nft: Reduce indenting level in flush_chain_cache()
  nft: Simplify per table chain cache update
  nft: Simplify nft_rule_insert() a bit
  nft: Introduce fetch_chain_cache()
  nft: Move nft_rule_list_get() above nft_chain_list_get()
  xtables: Implement per chain rule cache
  nft: Drop nft_chain_list_find()
  xtables: Optimize flushing a specific chain
  xtables: Optimize nft_chain_zero_counters()
  tests: Extend verbose output and return code tests
  xtables: Optimize user-defined chain deletion
  xtables: Optimize list command with given chain
  xtables: Optimize list rules command with given chain
  nft: Make use of nftnl_rule_lookup_byindex()
  xtables: Fix for inserting rule at wrong position
  xtables: Do not change ruleset while listing

 iptables/nft-shared.h                         |    2 -
 iptables/nft.c                                | 1240 ++++++++---------
 iptables/nft.h                                |    4 +-
 .../ipt-restore/0003-restore-ordering_0       |   94 ++
 .../testcases/iptables/0002-verbose-output_0  |   13 +-
 .../testcases/iptables/0004-return-codes_0    |    6 +
 .../testcases/iptables/0005-rule-replace_0    |   38 +
 iptables/xtables-arp.c                        |    1 +
 iptables/xtables-eb.c                         |    1 +
 iptables/xtables-restore.c                    |   68 +-
 iptables/xtables.c                            |    4 +
 11 files changed, 749 insertions(+), 722 deletions(-)
 create mode 100755 iptables/tests/shell/testcases/ipt-restore/0003-restore-ordering_0
 create mode 100755 iptables/tests/shell/testcases/iptables/0005-rule-replace_0

--
2.19.0