From: Phil Sutter
To: Pablo Neira Ayuso
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH v2 07/14] xtables: Optimize nft_chain_zero_counters()
Date: Thu, 13 Dec 2018 12:16:00 +0100
Message-Id: <20181213111607.5457-8-phil@nwl.cc>
X-Mailer: git-send-email 2.19.0
In-Reply-To: <20181213111607.5457-1-phil@nwl.cc>
References: <20181213111607.5457-1-phil@nwl.cc>
MIME-Version: 1.0
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

If a chain name was given, make use of nftnl_chain_list_lookup_byname().
Streamline nft_chain_zero_rule_counters() to be suitable for calling from
nftnl_chain_list_foreach().

There is an unrelated optimization in here, too: Add batch job
NFT_COMPAT_CHAIN_ZERO only if it is a base chain. Since user-defined
chains don't have counters, there is no need to do anything for them.

Signed-off-by: Phil Sutter
---
 iptables/nft.c | 72 +++++++++++++++++++++++++-------------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c index 846e34f88ccbd..c85fb724e3cd6 100644 --- a/iptables/nft.c +++ b/iptables/nft.c 
@@ -2933,15 +2933,36 @@ int nft_xtables_config_load(struct nft_handle *h, const char *filename, return h->config_done; } -static void nft_chain_zero_rule_counters(struct nft_handle *h, - struct nftnl_chain *c) +struct chain_zero_data { + struct nft_handle *handle; + bool verbose; +}; + +static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data) { + struct chain_zero_data *d = data; + struct nft_handle *h = d->handle; struct nftnl_rule_iter *iter; struct nftnl_rule *r; + int ret = 0; + + if (d->verbose) + fprintf(stdout, "Zeroing chain `%s'\n", + nftnl_chain_get_str(c, NFTNL_CHAIN_NAME)); + + if (nftnl_chain_is_set(c, NFTNL_CHAIN_HOOKNUM)) { + /* zero base chain counters. */ + nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS, 0); + nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES, 0); + nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE); + ret = batch_chain_add(h, NFT_COMPAT_CHAIN_ZERO, c); + if (ret) + return -1; + } iter = nftnl_rule_iter_create(c); if (iter == NULL) - return; + return -1; r = nftnl_rule_iter_next(iter); while (r != NULL) { @@ -2983,13 +3004,17 @@ static void nft_chain_zero_rule_counters(struct nft_handle *h, } nftnl_rule_iter_destroy(iter); + return 0; } int nft_chain_zero_counters(struct nft_handle *h, const char *chain, const char *table, bool verbose) { struct nftnl_chain_list *list; - struct nftnl_chain_list_iter *iter; + struct chain_zero_data d = { + .handle = h, + .verbose = verbose, + }; struct nftnl_chain *c; int ret = 0; 
@@ -2997,41 +3022,16 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain, if (list == NULL) goto err; - iter = nftnl_chain_list_iter_create(list); - if (iter == NULL) - goto err; - - c = nftnl_chain_list_iter_next(iter); - while (c != NULL) { - const char *chain_name = - nftnl_chain_get(c, NFTNL_CHAIN_NAME); - - if (chain != NULL && strcmp(chain, chain_name) != 0) - goto next; - - if (verbose) - fprintf(stdout, "Zeroing chain `%s'\n", chain_name); - - if (nftnl_chain_is_set(c, NFTNL_CHAIN_HOOKNUM)) { - /* zero base chain counters. */ - nftnl_chain_set_u64(c, NFTNL_CHAIN_PACKETS, 0); - nftnl_chain_set_u64(c, NFTNL_CHAIN_BYTES, 0); - } - - nft_chain_zero_rule_counters(h, c); - - nftnl_chain_unset(c, NFTNL_CHAIN_HANDLE); - - ret = batch_chain_add(h, NFT_COMPAT_CHAIN_ZERO, c); + if (chain) { + c = nftnl_chain_list_lookup_byname(list, chain); + if (!c) + return 0; - if (chain != NULL) - break; -next: - c = nftnl_chain_list_iter_next(iter); + ret = __nft_chain_zero_counters(c, &d); + goto err; } - nftnl_chain_list_iter_destroy(iter); - + ret = nftnl_chain_list_foreach(list, __nft_chain_zero_counters, &d); err: /* the core expects 1 for success and 0 for error */ return ret == 0 ? 1 : 0;
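Review bot: In the first hunk (@@ -2933), __nft_chain_zero_counters() queues the NFT_COMPAT_CHAIN_ZERO job before nftnl_rule_iter_create() is checked, so the new `return -1` on a NULL iterator leaves a base chain's counters already scheduled for zeroing while its rule counters are skipped and the caller reports failure. The removed loop called nft_chain_zero_rule_counters() first and added the batch job afterwards; either keep that order by moving the base-chain block below the rule loop, or create the iterator before touching the chain. It would also help to state in the commit message that NFTNL_CHAIN_HANDLE is now unset only for base chains, since the old code unset it for every chain.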
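Review bot: In the last hunk (@@ -2997), the `if (!c) return 0;` after nftnl_chain_list_lookup_byname() changes the result for a chain name that is not in the list. The removed loop simply finished with ret still 0 and fell through to `return ret == 0 ? 1 : 0`, which reports success, whereas the new early return yields 0, which the comment at err: defines as an error. If that is intended, say so in the commit message and consider setting errno so the caller can print a meaningful message; if not, use `goto err` instead. Note the inconsistency with the unchanged `if (list == NULL) goto err;` path, which reaches err: with ret == 0 and therefore reports success when the chain list could not be obtained.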