From d24c86bf172d302a00cdf57fd3b7b2f7fc113b39 Mon Sep 17 00:00:00 2001
From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter
 Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org"
 </C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=gandalf/emailAddress=gandalf@netfilter.org>
Date: Sat, 18 Dec 2004 17:18:49 +0000
Subject: Implement some optimization for finding rules to replace in
 TC_REPLACE_ENTRY. Stolen from TC_DELETE_NUM_ENTRY.

---
 libiptc/libiptc.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libiptc/libiptc.c b/libiptc/libiptc.c
index 218ff03..dfa2d1f 100644
--- a/libiptc/libiptc.c
+++ b/libiptc/libiptc.c
@@ -1,4 +1,4 @@
-/* Library which manipulates firewall rules.  Version $Revision: 1.56 $ */
+/* Library which manipulates firewall rules.  Version $Revision$ */
 
 /* Architecture of firewall rules is as follows:
  *
@@ -1319,11 +1319,18 @@ TC_REPLACE_ENTRY(const IPT_CHAINLABEL chain,
 		return 0;
 	}
 
-	if (!(old = iptcc_get_rule_num(c, rulenum + 1))) {
+	if (rulenum >= c->num_rules) {
 		errno = E2BIG;
 		return 0;
 	}
 
+	/* Take advantage of the double linked list if possible. */
+	if (rulenum + 1 <= c->num_rules/2) {
+		old = iptcc_get_rule_num(c, rulenum + 1);
+	} else {
+		old = iptcc_get_rule_num_reverse(c, c->num_rules - rulenum);
+	}
+
 	if (!(r = iptcc_alloc_rule(c, e->next_offset))) {
 		errno = ENOMEM;
 		return 0;
-- 
cgit v1.2.3