nft: remove cache build calls

The cache requirements are now calculated once from the parsing phase.
There is no need to call __nft_build_cache() from several spots in the
codepath anymore.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 38e353bd7231f5ad6cf2c336d5ee46b8eaa914fc..6db261fbba4b38b0a9be72053647ddd9e84b8c8b 100644 (file)
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -460,20 +460,6 @@ __nft_build_cache(struct nft_handle *h, enum nft_cache_level level,
                fetch_rule_cache(h, t, chain);
 }
 
-void nft_build_cache(struct nft_handle *h, struct nftnl_chain *c)
-{
-       const struct builtin_table *t;
-       const char *table, *chain;
-
-       if (!c)
-               return __nft_build_cache(h, NFT_CL_RULES, NULL, NULL, NULL);
-
-       table = nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
-       chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
-       t = nft_table_builtin_find(h, table);
-       __nft_build_cache(h, NFT_CL_RULES, t, NULL, chain);
-}
-
 void nft_fake_cache(struct nft_handle *h)
 {
        fetch_table_cache(h);
@@ -619,8 +605,6 @@ void nft_release_cache(struct nft_handle *h)
 
 struct nftnl_table_list *nftnl_table_list_get(struct nft_handle *h)
 {
-       __nft_build_cache(h, NFT_CL_TABLES, NULL, NULL, NULL);
-
        return h->cache->tables;
 }
 
@@ -633,8 +617,6 @@ nft_set_list_get(struct nft_handle *h, const char *table, const char *set)
        if (!t)
                return NULL;
 
-       __nft_build_cache(h, NFT_CL_RULES, t, set, NULL);
-
        return h->cache->table[t->type].sets;
 }
 
@@ -647,8 +629,6 @@ nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain)
        if (!t)
                return NULL;
 
-       __nft_build_cache(h, NFT_CL_CHAINS, t, NULL, chain);
-
        return h->cache->table[t->type].chains;
 }
 

diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
index cf28808e22c72eb775ee59f6ed749c4d62411218..8c63d8d566c19bd0be78af4e8aa603bcc6741d6a 100644 (file)
--- a/iptables/nft-cache.h
+++ b/iptables/nft-cache.h
@@ -5,7 +5,6 @@ struct nft_handle;
 
 void nft_cache_level_set(struct nft_handle *h, int level);
 void nft_fake_cache(struct nft_handle *h);
-void nft_build_cache(struct nft_handle *h, struct nftnl_chain *c);
 void nft_rebuild_cache(struct nft_handle *h);
 void nft_release_cache(struct nft_handle *h);
 void flush_chain_cache(struct nft_handle *h, const char *tablename);

diff --git a/iptables/nft.c b/iptables/nft.c
index 9771bcc9add021301b262a1bdb092c0e1e782e89..f9e53316ab7cf6d815ac634492a70ec30e6f3b0e 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1367,14 +1367,6 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
 
        nft_xt_builtin_init(h, table);
 
-       /* Since ebtables user-defined chain policies are implemented as last
-        * rule in nftables, rule cache is required here to treat them right. */
-       if (h->family == NFPROTO_BRIDGE) {
-               c = nft_chain_find(h, table, chain);
-               if (c && !nft_chain_builtin(c))
-                       nft_build_cache(h, c);
-       }
-
        nft_fn = nft_rule_append;
 
        if (ref) {
@@ -1599,7 +1591,6 @@ int nft_rule_save(struct nft_handle *h, const char *table, unsigned int format)
 
        c = nftnl_chain_list_iter_next(iter);
        while (c) {
-               nft_build_cache(h, c);
                ret = nft_chain_save_rules(h, c, format);
                if (ret != 0)
                        break;
@@ -1807,10 +1798,6 @@ static int __nft_chain_user_del(struct nftnl_chain *c, void *data)
                fprintf(stdout, "Deleting chain `%s'\n",
                        nftnl_chain_get_str(c, NFTNL_CHAIN_NAME));
 
-       /* This triggers required policy rule deletion. */
-       if (h->family == NFPROTO_BRIDGE)
-               nft_build_cache(h, c);
-
        /* XXX This triggers a fast lookup from the kernel. */
        nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE);
        ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_DEL, c);
@@ -2093,8 +2080,6 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain *c,
        struct nftnl_rule_iter *iter;
        bool found = false;
 
-       nft_build_cache(h, c);
-
        if (rulenum >= 0)
                /* Delete by rule number case */
                return nftnl_rule_lookup_byindex(c, rulenum);
@@ -2979,8 +2964,6 @@ int ebt_set_user_chain_policy(struct nft_handle *h, const char *table,
        else
                return 0;
 
-       nft_build_cache(h, c);
-
        nftnl_chain_set_u32(c, NFTNL_CHAIN_POLICY, pval);
        return 1;
 }
@@ -3333,8 +3316,6 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data)
                        return -1;
        }
 
-       nft_build_cache(h, c);
-
        iter = nftnl_rule_iter_create(c);
        if (iter == NULL)
                return -1;
@@ -3471,8 +3452,6 @@ static int nft_is_chain_compatible(struct nftnl_chain *c, void *data)
        enum nf_inet_hooks hook;
        int prio;
 
-       nft_build_cache(h, c);
-
        if (nftnl_rule_foreach(c, nft_is_rule_compatible, NULL))
                return -1;