author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-24 20:11:52 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:39 +0100 |
commit | 66a5399b6a4383ea4081d99ae852eebc1d65f265 (patch) | |
tree | 739501483c47fd2c1842a7a77bcd1a971a328673 | |
parent | 71871d0a5981d2f8781307852d4f7ee66fe87600 (diff) |
nft: no need for rule lookup if no position specified via -I
Improve dc3d8a6 ("xtables: add -I chain rulenum") to avoid a rule
lookup when no rule number is specified via -I.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/nft.c | 32 |
1 files changed, 15 insertions, 17 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index c22e6c5b..9a857b9e 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2162,7 +2162,8 @@ nft_rule_add(struct nft_handle *h, const char *chain,
 ret = 0;
 goto err;
 }
- nft_rule_attr_set_u64(r, NFT_RULE_ATTR_POSITION, handle);
+ if (handle > 0)
+ nft_rule_attr_set_u64(r, NFT_RULE_ATTR_POSITION, handle);
 if (h->commit) {
 nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FLAGS,
@@ -2189,7 +2190,7 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,
 {
 struct nft_rule_list *list;
 struct nft_rule *r;
- uint64_t handle;
+ uint64_t handle = 0;
 /* If built-in chains don't exist for this table, create them */
 if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
@@ -2197,26 +2198,23 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,
 nft_fn = nft_rule_insert;
- list = nft_rule_list_create(h);
- if (list == NULL)
- goto err;
+ if (rulenum > 0) {
+ list = nft_rule_list_create(h);
+ if (list == NULL)
+ goto err;
- r = nft_rule_find(list, chain, table, cs, rulenum);
- if (r == NULL) {
- errno = ENOENT;
- goto err;
- }
+ r = nft_rule_find(list, chain, table, cs, rulenum);
+ if (r == NULL) {
+ errno = ENOENT;
+ goto err;
+ }
- handle = nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE);
- DEBUGP("adding after rule handle %"PRIu64"\n", handle);
+ handle = nft_rule_attr_get_u64(r, NFT_RULE_ATTR_HANDLE);
+ DEBUGP("adding after rule handle %"PRIu64"\n", handle);
- if (h->commit) {
- nft_rule_attr_set_u32(r, NFT_RULE_ATTR_FLAGS,
- NFT_RULE_F_COMMIT);
+ nft_rule_list_destroy(list);
 }
- nft_rule_list_destroy(list);
-
 return nft_rule_add(h, chain, table, cs, handle, verbose);
 err:
 nft_rule_list_destroy(list); |
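Review bot: The new `if (handle > 0)` guard in nft_rule_add turns 0 into an in-band "no position" value, but nothing at the check records that contract. A one-line comment above it would do, for example `/* handle 0: caller gave no rule number, leave NFT_RULE_ATTR_POSITION unset */`. If the parameter is unsigned, as the `uint64_t handle` local in nft_rule_insert suggests, `handle != 0` states the sentinel test more directly than `> 0`. nft_rule_add starts and ends outside this hunk, so the handle values passed by other callers are not visible here.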
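Review bot: The `err:` label in nft_rule_insert still calls `nft_rule_list_destroy(list)` unconditionally, while `list` is declared without an initializer and is now assigned only inside `if (rulenum > 0)`. Both visible `goto err` sites sit after that assignment, but the `list == NULL` one hands NULL to the destroy call, and whether that helper tolerates NULL is not shown; any `goto err` reached outside the block would pass an indeterminate pointer. Declaring `struct nft_rule_list *list = NULL;` and guarding the cleanup with `if (list != NULL)` keeps the error path well-defined on every route. The rest of the `err:` path, including its return value, lies outside the hunk.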