diff options
author | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org> | 2004-12-18 17:18:49 +0000 |
---|---|---|
committer | /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org> | 2004-12-18 17:18:49 +0000 |
commit | d24c86bf172d302a00cdf57fd3b7b2f7fc113b39 (patch) | |
tree | f172a0f572c4912eb17932a2327849f0b9d7abd0 /libiptc | |
parent | eb6854e080f99d34f372c0fbe11efda3eba3d9c0 (diff) |
Implement some optimization for finding rules to replace in TC_REPLACE_ENTRY.
Stolen from TC_DELETE_NUM_ENTRY.
Diffstat (limited to 'libiptc')
-rw-r--r-- | libiptc/libiptc.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c index 218ff03..dfa2d1f 100644 --- a/libiptc/libiptc.c +++ b/libiptc/libiptc.c @@ -1,4 +1,4 @@ -/* Library which manipulates firewall rules. Version $Revision: 1.56 $ */ +/* Library which manipulates firewall rules. Version $Revision$ */ /* Architecture of firewall rules is as follows: * @@ -1319,11 +1319,18 @@ TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain, return 0; } - if (!(old = iptcc_get_rule_num(c, rulenum + 1))) { + if (rulenum >= c->num_rules) { errno = E2BIG; return 0; } + /* Take advantage of the double linked list if possible. */ + if (rulenum + 1 <= c->num_rules/2) { + old = iptcc_get_rule_num(c, rulenum + 1); + } else { + old = iptcc_get_rule_num_reverse(c, c->num_rules - rulenum); + } + if (!(r = iptcc_alloc_rule(c, e->next_offset))) { errno = ENOMEM; return 0; |