Re: [iptables PATCH 1/3] nft: Add new builtin chains to cache immediately

On Tue, Jan 15, 2019 at 11:23:03PM +0100, Phil Sutter wrote:
> Newly created builtin chains missing from cache was the sole reason for
> the immediate calls to nft_commit(). With nft_chain_builtin_add()
> inserting the new chain into the table's chain list, this is not needed
> anymore. Just make sure batch_obj_del() doesn't free the payload of
> NFT_COMPAT_CHAIN_ADD jobs since it contains the new chain which has
> been added to cache.

Applied, thanks.

> Signed-off-by: Phil Sutter <phil@xxxxxx>
> ---
>  iptables/nft.c | 30 +++++++++---------------------
>  1 file changed, 9 insertions(+), 21 deletions(-)
> 
> diff --git a/iptables/nft.c b/iptables/nft.c
> index 1ce1ecdd276be..73a99e5d8813e 100644
> --- a/iptables/nft.c
> +++ b/iptables/nft.c
> @@ -644,6 +644,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
>  		return;
>  
>  	batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, c);
> +	nftnl_chain_list_add_tail(c, h->table[table->type].chain_cache);
>  }
>  
>  /* find if built-in table already exists */
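
Review bot: The added nftnl_chain_list_add_tail() call leaves c referenced from two places, the NFT_COMPAT_CHAIN_ADD batch job and the table's chain_cache, and nothing at this site says which one frees it. The commit message relies on batch_obj_del() skipping the payload for these jobs; a short comment here stating that the cache owns c from this point on would keep a later change to batch_obj_del() from reintroducing a double free or use-after-free. The result of batch_chain_add() is also not checked before the chain goes into the cache, so if queuing the job can fail, the cache would hold a chain that never reaches the kernel.
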
> @@ -1216,8 +1217,11 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
>  		h->ops->print_rule(r, 0, FMT_PRINT_RULE);
>  
>  	c = nft_chain_find(h, table, chain);
> -	if (c)
> -		nftnl_chain_rule_add_tail(r, c);
> +	if (!c) {
> +		errno = ENOENT;
> +		return 0;
> +	}
> +	nftnl_chain_rule_add_tail(r, c);
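
Review bot: The new `if (!c)` early return exits nft_rule_append() after r has already been built and passed to print_rule(), and the hunk does not show r being released or handed to another owner on that path; check that returning 0 here neither leaks r nor leaves anything set up earlier in the function referring to a rule that was never attached to a chain. The switch from silently skipping a missing chain to failing with ENOENT is also not mentioned in the commit message, so it should be described there or split into its own patch.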

Next time, please don't add unrelated changes, this renders 'git
annotate' useless, thanks.


