diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-12 01:34:00 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-15 18:15:23 +0100 |
commit | e3d00ed1f657d5ce989a780990c6fb0097368d1e (patch) | |
tree | fe901a1c336f9faf82830e19bdb33f1632de7463 | |
parent | af03f4bde32a02b7a97bae586a45a05c9bdbd5a0 (diff) |
cache: add helper function to fill up the rule cache
Add a helper function to dump the rules and add them to the
corresponding chain.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/cache.c | 41 |
1 files changed, 25 insertions, 16 deletions
diff --git a/src/cache.c b/src/cache.c index 0e9e7fe5..14957f2d 100644 --- a/src/cache.c +++ b/src/cache.c @@ -474,7 +474,7 @@ static int list_rule_cb(struct nftnl_rule *nlr, void *data) return 0; } -static int rule_cache_init(struct netlink_ctx *ctx, const struct handle *h, +static int rule_cache_dump(struct netlink_ctx *ctx, const struct handle *h, const struct nft_cache_filter *filter) { struct nftnl_rule_list *rule_cache; @@ -811,6 +811,29 @@ static int cache_init_tables(struct netlink_ctx *ctx, struct handle *h, return 0; } +static int rule_init_cache(struct netlink_ctx *ctx, struct table *table, + const struct nft_cache_filter *filter) +{ + struct rule *rule, *nrule; + struct chain *chain; + int ret; + + ret = rule_cache_dump(ctx, &table->handle, filter); + + list_for_each_entry_safe(rule, nrule, &ctx->list, list) { + chain = chain_cache_find(table, rule->handle.chain.name); + if (!chain) + chain = chain_binding_lookup(table, + rule->handle.chain.name); + if (!chain) + return -1; + + list_move_tail(&rule->list, &chain->rules); + } + + return ret; +} + static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags, const struct nft_cache_filter *filter) { @@ -818,9 +841,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags, struct nftnl_chain_list *chain_list = NULL; struct nftnl_set_list *set_list = NULL; struct nftnl_obj_list *obj_list; - struct rule *rule, *nrule; struct table *table; - struct chain *chain; struct set *set; int ret = 0; @@ -902,19 +923,7 @@ static int cache_init_objects(struct netlink_ctx *ctx, unsigned int flags, } if (flags & NFT_CACHE_RULE_BIT) { - ret = rule_cache_init(ctx, &table->handle, filter); - list_for_each_entry_safe(rule, nrule, &ctx->list, list) { - chain = chain_cache_find(table, rule->handle.chain.name); - if (!chain) - chain = chain_binding_lookup(table, - rule->handle.chain.name); - if (!chain) { - ret = -1; - goto cache_fails; - } - - list_move_tail(&rule->list, &chain->rules); - } + ret = rule_init_cache(ctx, table, filter); if (ret < 0) goto cache_fails; } |