author | Phil Sutter <phil@nwl.cc> | 2018-12-20 16:09:20 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-12-27 20:46:27 +0100 |
commit | 039b04896521026d1cb52d60dbacb6ee5226c02d (patch) | |
tree | d81b9f729c4a9da616d12b4270a5f4ba97079af3 | |
parent | 6b1871914e4f3717c7e6324727b80cf1d5d985b1 (diff) |
nft: Make use of nftnl_rule_lookup_byindex()
Use the function where suitable to potentially speed up rule cache lookup
by rule number.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/nft.c | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index e0455eab..1fd3837f 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1976,27 +1976,21 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain *c, void *data, int rulen
 {
 struct nftnl_rule *r;
 struct nftnl_rule_iter *iter;
- int rule_ctr = 0;
 bool found = false;
+ if (rulenum >= 0)
+ /* Delete by rule number case */
+ return nftnl_rule_lookup_byindex(c, rulenum);
+
 iter = nftnl_rule_iter_create(c);
 if (iter == NULL)
 return 0;
 r = nftnl_rule_iter_next(iter);
 while (r != NULL) {
- if (rulenum >= 0) {
- /* Delete by rule number case */
- if (rule_ctr == rulenum) {
- found = true;
- break;
- }
- } else {
- found = h->ops->rule_find(h->ops, r, data);
- if (found)
- break;
- }
- rule_ctr++;
+ found = h->ops->rule_find(h->ops, r, data);
+ if (found)
+ break;
 r = nftnl_rule_iter_next(iter);
 }
@@ -2202,6 +2196,17 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
 struct nftnl_rule *r;
 int rule_ctr = 0;
+ if (rulenum > 0) {
+ r = nftnl_rule_lookup_byindex(c, rulenum - 1);
+ if (!r)
+ /* iptables-legacy returns 0 when listing for
+ * valid chain but invalid rule number
+ */
+ return 1;
+ cb(r, rulenum, format);
+ return 1;
+ }
+
 iter = nftnl_rule_iter_create(c);
 if (iter == NULL)
 return 0;
|
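Review bot: The new early return in nft_rule_find() hangs off an unbraced `if` with a comment line sitting between the condition and its statement, which makes it easy for a later edit to add a second statement that runs unconditionally; the same shape appears at `if (!r)` in the __nft_rule_list() hunk, where a three-line comment separates the condition from `return 1;`. Either brace both bodies or move the comment above the condition, e.g. `/* Delete by rule number case */` then `if (rulenum >= 0)` then `return nftnl_rule_lookup_byindex(c, rulenum);`. An out-of-range rulenum is now handled entirely by whatever nftnl_rule_lookup_byindex() returns for a missing index (presumably NULL), so the callers' not-found handling should be confirmed against that. The start of the signature and the tail of the function are outside the hunk.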
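Review bot: The comment in the `if (!r)` branch of __nft_rule_list() says iptables-legacy "returns 0" while the statement it annotates is `return 1;`, so a reader cannot tell whether 1 is this function's success value or a mistake. If 1 means success here, as the `return 0;` on iterator-creation failure suggests, the comment would read better as `/* iptables-legacy exits successfully when listing a valid chain with an invalid rule number, so report success without output */`. It is also worth stating in the function's documentation that a nonexistent rule number is indistinguishable from success, since a script that checks only the exit status will not notice that the rule it expected is absent. The rest of the function, including where rule_ctr is used, is outside the hunk.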