
[iptables,12/14] xtables: Make use of nftnl_rule_lookup_byindex()

Message ID 20181211105042.18703-13-phil@nwl.cc
State Changes Requested
Delegated to: Pablo Neira
Series Separate rule cache per chain et al. | expand

Commit Message

Phil Sutter Dec. 11, 2018, 10:50 a.m. UTC
Use the function where suitable to potentially speed up rule cache lookup
by rule number.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

Patch

diff --git a/iptables/nft.c b/iptables/nft.c
index 94c5673d3126e..883471aae99c6 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1960,27 +1960,21 @@  nft_rule_find(struct nft_handle *h, struct nftnl_chain *c, void *data, int rulen
 {
 	struct nftnl_rule *r;
 	struct nftnl_rule_iter *iter;
-	int rule_ctr = 0;
 	bool found = false;
 
+	if (rulenum >= 0)
+		/* Delete by rule number case */
+		return nftnl_rule_lookup_byindex(c, rulenum);
+
 	iter = nftnl_rule_iter_create(c);
 	if (iter == NULL)
 		return 0;
 
 	r = nftnl_rule_iter_next(iter);
 	while (r != NULL) {
-		if (rulenum >= 0) {
-			/* Delete by rule number case */
-			if (rule_ctr == rulenum) {
-			    found = true;
-			    break;
-			}
-		} else {
-			found = h->ops->rule_find(h->ops, r, data);
-			if (found)
-				break;
-		}
-		rule_ctr++;
+		found = h->ops->rule_find(h->ops, r, data);
+		if (found)
+			break;
 		r = nftnl_rule_iter_next(iter);
 	}
 
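Review bot: The early return added at the top of nft_rule_find() keeps the comment `/* Delete by rule number case */`, but nothing visible restricts this path to deletion, and it treats rulenum as a 0-based index while the second hunk in __nft_rule_list() passes `rulenum - 1`. A wrong index here means acting on a different firewall rule than the one the user named, so the convention deserves to be stated at the lookup, e.g. `/* rulenum is a 0-based index into the chain; data is ignored on this path */`. The `if (rulenum >= 0)` body is now a comment plus a statement without braces; bracing it would make a later edit less likely to detach the `return`. The function's signature and its tail lie outside the hunk.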
@@ -2186,6 +2180,16 @@  __nft_rule_list(struct nft_handle *h, struct nftnl_chain *c,
 	struct nftnl_rule *r;
 	int rule_ctr = 0;
 
+	if (rulenum > 0) {
+		r = nftnl_rule_lookup_byindex(c, rulenum - 1);
+		if (!r)
+			/* iptables-legacy returns 0 when listing for
+			 * valid chain but invalid rule number */
+			return 1;
+		cb(r, rulenum, format);
+		return 1;
+	}
+
 	iter = nftnl_rule_iter_create(c);
 	if (iter == NULL)
 		return 0;
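Review bot: The comment inside `if (!r)` says iptables-legacy "returns 0", yet the statement under it is `return 1;`, which reads as a contradiction unless the reader knows that 0 presumably refers to the tool's exit status and 1 to this function's success value. I would reword it to `/* invalid rule number in a valid chain is not an error (iptables-legacy exits 0), so report success */` and brace the `if (!r)` body, since it spans three lines. A short comment at `rulenum - 1` noting that the listing rule number is 1-based while the lookup index appears to be 0-based (going by the first hunk) would guard against an off-by-one in later changes. __nft_rule_list() begins before and continues after this hunk.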