diff options
| author | Phil Sutter <phil@nwl.cc> | 2021-09-17 16:51:33 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2021-09-27 13:29:45 +0200 |
| commit | e865a853d7afcff4b2d4279ef843cd13fa6defa1 (patch) | |
| tree | 33ea6d71d70fa2d8b4b14698682ff4bd25ef5824 /iptables | |
| parent | f9b33967f2b4b58160c0a970da77d5e44406803a (diff) | |
nft-chain: Introduce base_slot field
For builtin chains, record the base_chains array slot they are assigned
to. This simplifies removing that reference if they are being deleted
later.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables')
| -rw-r--r-- | iptables/nft-cache.c | 5 | ||||
| -rw-r--r-- | iptables/nft-chain.h | 1 | ||||
| -rw-r--r-- | iptables/nft.c | 28 |
3 files changed, 5 insertions, 29 deletions
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c index b7f10ab9..43ac291e 100644 --- a/iptables/nft-cache.c +++ b/iptables/nft-cache.c @@ -226,10 +226,11 @@ nft_cache_add_base_chain(struct nft_handle *h, const struct builtin_table *t, strcmp(type, bc->type)) return -EINVAL; - if (h->cache->table[t->type].base_chains[hooknum]) + nc->base_slot = &h->cache->table[t->type].base_chains[hooknum]; + if (*nc->base_slot) return -EEXIST; - h->cache->table[t->type].base_chains[hooknum] = nc; + *nc->base_slot = nc; return 0; } diff --git a/iptables/nft-chain.h b/iptables/nft-chain.h index 137f4b7f..9adf1738 100644 --- a/iptables/nft-chain.h +++ b/iptables/nft-chain.h @@ -9,6 +9,7 @@ struct nft_handle; struct nft_chain { struct list_head head; struct hlist_node hnode; + struct nft_chain **base_slot; struct nftnl_chain *nftnl; }; diff --git a/iptables/nft.c b/iptables/nft.c index 17e735aa..38106147 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1838,8 +1838,6 @@ int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table struct chain_del_data { struct nft_handle *handle; - struct nft_cache *cache; - enum nft_table_type type; bool verbose; }; @@ -1860,10 +1858,7 @@ static int __nft_chain_del(struct nft_chain *nc, void *data) return -1; if (nft_chain_builtin(c)) { - uint32_t num = nftnl_chain_get_u32(c, NFTNL_CHAIN_HOOKNUM); - - if (nc == d->cache->table[d->type].base_chains[num]) - d->cache->table[d->type].base_chains[num] = NULL; + *nc->base_slot = NULL; } /* nftnl_chain is freed when deleting the batch object */ @@ -1877,7 +1872,6 @@ static int __nft_chain_del(struct nft_chain *nc, void *data) int nft_chain_del(struct nft_handle *h, const char *chain, const char *table, bool verbose) { - const struct builtin_table *t; struct chain_del_data d = { .handle = h, .verbose = verbose, @@ -1894,32 +1888,12 @@ int nft_chain_del(struct nft_handle *h, const char *chain, return 0; } - if (nft_chain_builtin(c->nftnl)) { - t = nft_table_builtin_find(h, table); - if (!t) { - errno = EINVAL; - return 0; - } - - d.type = t->type; - d.cache = h->cache; - } - ret = __nft_chain_del(c, &d); if (ret == -2) errno = EINVAL; goto out; } - t = nft_table_builtin_find(h, table); - if (!t) { - errno = EINVAL; - return 0; - } - - d.type = t->type; - d.cache = h->cache; - if (verbose) nft_cache_sort_chains(h, table); |