From 80251bc2a56ed612188393a1e588c661ebd43da5 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 6 Jan 2020 13:20:16 +0100
Subject: nft: remove cache build calls

The cache requirements are now calculated once from the parsing phase. There is no need to call __nft_build_cache() from several spots in the codepath anymore.

Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Phil Sutter
---
 iptables/nft-cache.c | 20 --------------------
 iptables/nft-cache.h | 1 -
 iptables/nft.c | 21 ---------------------
 3 files changed, 42 deletions(-)
(limited to 'iptables')
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 38e353bd..6db261fb 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -460,20 +460,6 @@ __nft_build_cache(struct nft_handle *h, enum nft_cache_level level,
 fetch_rule_cache(h, t, chain);
 }
-void nft_build_cache(struct nft_handle *h, struct nftnl_chain *c)
-{
- const struct builtin_table *t;
- const char *table, *chain;
-
- if (!c)
- return __nft_build_cache(h, NFT_CL_RULES, NULL, NULL, NULL);
-
- table = nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
- chain = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
- t = nft_table_builtin_find(h, table);
- __nft_build_cache(h, NFT_CL_RULES, t, NULL, chain);
-}
-
 void nft_fake_cache(struct nft_handle *h)
 {
 fetch_table_cache(h);
@@ -619,8 +605,6 @@ void nft_release_cache(struct nft_handle *h)
 struct nftnl_table_list *nftnl_table_list_get(struct nft_handle *h)
 {
- __nft_build_cache(h, NFT_CL_TABLES, NULL, NULL, NULL);
-
 return h->cache->tables;
 }
@@ -633,8 +617,6 @@ nft_set_list_get(struct nft_handle *h, const char *table, const char *set)
 if (!t)
 return NULL;
- __nft_build_cache(h, NFT_CL_RULES, t, set, NULL);
-
 return h->cache->table[t->type].sets;
 }
@@ -647,8 +629,6 @@ nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain)
 if (!t)
 return NULL;
- __nft_build_cache(h, NFT_CL_CHAINS, t, NULL, chain);
-
 return h->cache->table[t->type].chains;
 }
diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
index cf28808e..8c63d8d5 100644
--- a/iptables/nft-cache.h
+++ b/iptables/nft-cache.h
@@ -5,7 +5,6 @@ struct nft_handle;
 void nft_cache_level_set(struct nft_handle *h, int level);
 void nft_fake_cache(struct nft_handle *h);
-void nft_build_cache(struct nft_handle *h, struct nftnl_chain *c);
 void nft_rebuild_cache(struct nft_handle *h);
 void nft_release_cache(struct nft_handle *h);
 void flush_chain_cache(struct nft_handle *h, const char *tablename);
diff --git a/iptables/nft.c b/iptables/nft.c
index 9771bcc9..f9e53316 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1367,14 +1367,6 @@ nft_rule_append(struct nft_handle *h, const char *chain, const char *table,
 nft_xt_builtin_init(h, table);
- /* Since ebtables user-defined chain policies are implemented as last
- * rule in nftables, rule cache is required here to treat them right. */
- if (h->family == NFPROTO_BRIDGE) {
- c = nft_chain_find(h, table, chain);
- if (c && !nft_chain_builtin(c))
- nft_build_cache(h, c);
- }
-
 nft_fn = nft_rule_append;
 if (ref) {
@@ -1599,7 +1591,6 @@ int nft_rule_save(struct nft_handle *h, const char *table, unsigned int format)
 c = nftnl_chain_list_iter_next(iter);
 while (c) {
- nft_build_cache(h, c);
 ret = nft_chain_save_rules(h, c, format);
 if (ret != 0)
 break;
@@ -1807,10 +1798,6 @@ static int __nft_chain_user_del(struct nftnl_chain *c, void *data)
 fprintf(stdout, "Deleting chain `%s'\n", nftnl_chain_get_str(c, NFTNL_CHAIN_NAME));
- /* This triggers required policy rule deletion. */
- if (h->family == NFPROTO_BRIDGE)
- nft_build_cache(h, c);
-
 /* XXX This triggers a fast lookup from the kernel. */
 nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE);
 ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_DEL, c);
@@ -2093,8 +2080,6 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain *c,
 struct nftnl_rule_iter *iter;
 bool found = false;
- nft_build_cache(h, c);
-
 if (rulenum >= 0)
 /* Delete by rule number case */
 return nftnl_rule_lookup_byindex(c, rulenum);
@@ -2979,8 +2964,6 @@ int ebt_set_user_chain_policy(struct nft_handle *h, const char *table,
 else
 return 0;
- nft_build_cache(h, c);
-
 nftnl_chain_set_u32(c, NFTNL_CHAIN_POLICY, pval);
 return 1;
 }
@@ -3333,8 +3316,6 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data)
 return -1;
 }
- nft_build_cache(h, c);
-
 iter = nftnl_rule_iter_create(c);
 if (iter == NULL)
 return -1;
@@ -3471,8 +3452,6 @@ static int nft_is_chain_compatible(struct nftnl_chain *c, void *data)
 enum nf_inet_hooks hook;
 int prio;
- nft_build_cache(h, c);
-
 if (nftnl_rule_foreach(c, nft_is_rule_compatible, NULL))
 return -1;
-- cgit v1.2.3