diff mbox series

[iptables,3/4] nft-chain: Introduce base_slot field

Message ID 20210922160632.15635-4-phil@nwl.cc
State Changes Requested
Delegated to: Pablo Neira
Headers show
Series nft: Fix and improve base chain handling | expand

Commit Message

Phil Sutter Sept. 22, 2021, 4:06 p.m. UTC 
For builtin chains, record the base_chains array slot they are assigned
to. This simplifies removing that reference if they are being deleted
later.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-cache.c |  5 +++--
 iptables/nft-chain.h |  1 +
 iptables/nft.c       | 28 +---------------------------
 3 files changed, 5 insertions(+), 29 deletions(-)
diff mbox series

Patch

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index b7f10ab923bc0..43ac291ec84b2 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -226,10 +226,11 @@  nft_cache_add_base_chain(struct nft_handle *h, const struct builtin_table *t,
 	    strcmp(type, bc->type))
 		return -EINVAL;
 
-	if (h->cache->table[t->type].base_chains[hooknum])
+	nc->base_slot = &h->cache->table[t->type].base_chains[hooknum];
+	if (*nc->base_slot)
 		return -EEXIST;
 
-	h->cache->table[t->type].base_chains[hooknum] = nc;
+	*nc->base_slot = nc;
 	return 0;
 }
 
diff --git a/iptables/nft-chain.h b/iptables/nft-chain.h
index 137f4b7f90085..9adf173857420 100644
--- a/iptables/nft-chain.h
+++ b/iptables/nft-chain.h
@@ -9,6 +9,7 @@  struct nft_handle;
 struct nft_chain {
 	struct list_head	head;
 	struct hlist_node	hnode;
+	struct nft_chain	**base_slot;
 	struct nftnl_chain	*nftnl;
 };
 
diff --git a/iptables/nft.c b/iptables/nft.c
index 17e735aa694af..381061473047f 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1838,8 +1838,6 @@  int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table
 
 struct chain_del_data {
 	struct nft_handle	*handle;
-	struct nft_cache	*cache;
-	enum nft_table_type	type;
 	bool			verbose;
 };
 
@@ -1860,10 +1858,7 @@  static int __nft_chain_del(struct nft_chain *nc, void *data)
 		return -1;
 
 	if (nft_chain_builtin(c)) {
-		uint32_t num = nftnl_chain_get_u32(c, NFTNL_CHAIN_HOOKNUM);
-
-		if (nc == d->cache->table[d->type].base_chains[num])
-			d->cache->table[d->type].base_chains[num] = NULL;
+		*nc->base_slot = NULL;
 	}
 
 	/* nftnl_chain is freed when deleting the batch object */
@@ -1877,7 +1872,6 @@  static int __nft_chain_del(struct nft_chain *nc, void *data)
 int nft_chain_del(struct nft_handle *h, const char *chain,
 		       const char *table, bool verbose)
 {
-	const struct builtin_table *t;
 	struct chain_del_data d = {
 		.handle = h,
 		.verbose = verbose,
@@ -1894,32 +1888,12 @@  int nft_chain_del(struct nft_handle *h, const char *chain,
 			return 0;
 		}
 
-		if (nft_chain_builtin(c->nftnl)) {
-			t = nft_table_builtin_find(h, table);
-			if (!t) {
-				errno = EINVAL;
-				return 0;
-			}
-
-			d.type = t->type;
-			d.cache = h->cache;
-		}
-
 		ret = __nft_chain_del(c, &d);
 		if (ret == -2)
 			errno = EINVAL;
 		goto out;
 	}
 
-	t = nft_table_builtin_find(h, table);
-	if (!t) {
-		errno = EINVAL;
-		return 0;
-	}
-
-	d.type = t->type;
-	d.cache = h->cache;
-
 	if (verbose)
 		nft_cache_sort_chains(h, table);