nft-chain: Introduce base_slot field

For builtin chains, record the base_chains array slot they are assigned
to. This simplifies removing that reference if they are being deleted
later.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index b7f10ab923bc0210c550c7922ee10b72a4c7e690..43ac291ec84b2330401116bd38c3c4f30e1f7800 100644 (file)
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -226,10 +226,11 @@ nft_cache_add_base_chain(struct nft_handle *h, const struct builtin_table *t,
            strcmp(type, bc->type))
                return -EINVAL;
 
-       if (h->cache->table[t->type].base_chains[hooknum])
+       nc->base_slot = &h->cache->table[t->type].base_chains[hooknum];
+       if (*nc->base_slot)
                return -EEXIST;
 
-       h->cache->table[t->type].base_chains[hooknum] = nc;
+       *nc->base_slot = nc;
        return 0;
 }
 

diff --git a/iptables/nft-chain.h b/iptables/nft-chain.h
index 137f4b7f9008552fcb3dad7835b6708d4b563776..9adf173857420f1701c8a42247a9237aa86c0142 100644 (file)
--- a/iptables/nft-chain.h
+++ b/iptables/nft-chain.h
@@ -9,6 +9,7 @@ struct nft_handle;
 struct nft_chain {
        struct list_head        head;
        struct hlist_node       hnode;
+       struct nft_chain        **base_slot;
        struct nftnl_chain      *nftnl;
 };
 

diff --git a/iptables/nft.c b/iptables/nft.c
index 17e735aa694af7636cfc6206c58c9d307571000b..381061473047f33745b8e352d06a4f51d2dbe660 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1838,8 +1838,6 @@ int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table
 
 struct chain_del_data {
        struct nft_handle       *handle;
-       struct nft_cache        *cache;
-       enum nft_table_type     type;
        bool                    verbose;
 };
 
@@ -1860,10 +1858,7 @@ static int __nft_chain_del(struct nft_chain *nc, void *data)
                return -1;
 
        if (nft_chain_builtin(c)) {
-               uint32_t num = nftnl_chain_get_u32(c, NFTNL_CHAIN_HOOKNUM);
-
-               if (nc == d->cache->table[d->type].base_chains[num])
-                       d->cache->table[d->type].base_chains[num] = NULL;
+               *nc->base_slot = NULL;
        }
 
        /* nftnl_chain is freed when deleting the batch object */
@@ -1877,7 +1872,6 @@ static int __nft_chain_del(struct nft_chain *nc, void *data)
 int nft_chain_del(struct nft_handle *h, const char *chain,
                       const char *table, bool verbose)
 {
-       const struct builtin_table *t;
        struct chain_del_data d = {
                .handle = h,
                .verbose = verbose,
@@ -1894,32 +1888,12 @@ int nft_chain_del(struct nft_handle *h, const char *chain,
                        return 0;
                }
 
-               if (nft_chain_builtin(c->nftnl)) {
-                       t = nft_table_builtin_find(h, table);
-                       if (!t) {
-                               errno = EINVAL;
-                               return 0;
-                       }
-
-                       d.type = t->type;
-                       d.cache = h->cache;
-               }
-
                ret = __nft_chain_del(c, &d);
                if (ret == -2)
                        errno = EINVAL;
                goto out;
        }
 
-       t = nft_table_builtin_find(h, table);
-       if (!t) {
-               errno = EINVAL;
-               return 0;
-       }
-
-       d.type = t->type;
-       d.cache = h->cache;
-
        if (verbose)
                nft_cache_sort_chains(h, table);