]> git.ipfire.org Git - thirdparty/iptables.git/commitdiff
projects / thirdparty / iptables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6b18719)
nft: Make use of nftnl_rule_lookup_byindex()
authorPhil Sutter <phil@nwl.cc>
Thu, 20 Dec 2018 15:09:20 +0000 (16:09 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 27 Dec 2018 19:46:27 +0000 (20:46 +0100)
Use the function where suitable to potentially speedup rule cache lookup
by rule number.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/nft.c patch | blob | blame | history

diff --git a/iptables/nft.c b/iptables/nft.c
index e0455eabda77ad43db3aff244316635397a0d174..1fd3837f2d33469132293ab31f22b326bfd23a40 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1976,27 +1976,21 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain *c, void *data, int rulen
 {
        struct nftnl_rule *r;
        struct nftnl_rule_iter *iter;
-       int rule_ctr = 0;
        bool found = false;
 
+       if (rulenum >= 0)
+               /* Delete by rule number case */
+               return nftnl_rule_lookup_byindex(c, rulenum);
+
        iter = nftnl_rule_iter_create(c);
        if (iter == NULL)
                return 0;
 
        r = nftnl_rule_iter_next(iter);
        while (r != NULL) {
-               if (rulenum >= 0) {
-                       /* Delete by rule number case */
-                       if (rule_ctr == rulenum) {
-                           found = true;
-                           break;
-                       }
-               } else {
-                       found = h->ops->rule_find(h->ops, r, data);
-                       if (found)
-                               break;
-               }
-               rule_ctr++;
+               found = h->ops->rule_find(h->ops, r, data);
+               if (found)
+                       break;
                r = nftnl_rule_iter_next(iter);
        }
 
@@ -2202,6 +2196,17 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
        struct nftnl_rule *r;
        int rule_ctr = 0;
 
+       if (rulenum > 0) {
+               r = nftnl_rule_lookup_byindex(c, rulenum - 1);
+               if (!r)
+                       /* iptables-legacy returns 0 when listing for
+                        * valid chain but invalid rule number
+                        */
+                       return 1;
+               cb(r, rulenum, format);
+               return 1;
+       }
+
        iter = nftnl_rule_iter_create(c);
        if (iter == NULL)
                return 0;
Mirror of git://git.netfilter.org/iptables