laurenceman / rpms / iptables

Forked from rpms/iptables 5 years ago
Clone

Blame SOURCES/0015-nft-Reduce-indenting-level-in-flush_chain_cache.patch

8cce6c
From f9932edff18a74dc373c708f38fe95b2f8d9a8a5 Mon Sep 17 00:00:00 2001
8cce6c
From: Phil Sutter <phil@nwl.cc>
8cce6c
Date: Thu, 20 Dec 2018 16:09:07 +0100
8cce6c
Subject: [PATCH] nft: Reduce indenting level in flush_chain_cache()
8cce6c
8cce6c
Instead of doing all in one go, make two separate decisions:
8cce6c
8cce6c
1) If table has no chain cache, either continue or return depending on
8cce6c
   whether we're flushing for a specific table.
8cce6c
8cce6c
2) With chain cache present, flushing strategy once more depends on
8cce6c
   whether we're flushing for a specific table: If given, just remove
8cce6c
   all rules and return. If not, free the cache and set to NULL (so that
8cce6c
   it will be repopulated later), then continue the loop.
8cce6c
8cce6c
Signed-off-by: Phil Sutter <phil@nwl.cc>
8cce6c
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
8cce6c
(cherry picked from commit d4b0d248cc057e39608c7c1c1203dd3f1ea96645)
8cce6c
Signed-off-by: Phil Sutter <psutter@redhat.com>
8cce6c
---
8cce6c
 iptables/nft.c | 22 +++++++++++++---------
8cce6c
 1 file changed, 13 insertions(+), 9 deletions(-)
8cce6c
8cce6c
diff --git a/iptables/nft.c b/iptables/nft.c
8cce6c
index befd9f4dd9026..997d7bc58fd00 100644
8cce6c
--- a/iptables/nft.c
8cce6c
+++ b/iptables/nft.c
8cce6c
@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle *h, const char *tablename)
8cce6c
 		if (tablename && strcmp(h->tables[i].name, tablename))
8cce6c
 			continue;
8cce6c
 
8cce6c
-		if (h->table[i].chain_cache) {
8cce6c
-			if (tablename) {
8cce6c
-				nftnl_chain_list_foreach(h->table[i].chain_cache,
8cce6c
-							 __flush_chain_cache, NULL);
8cce6c
-				break;
8cce6c
-			} else {
8cce6c
-				nftnl_chain_list_free(h->table[i].chain_cache);
8cce6c
-				h->table[i].chain_cache = NULL;
8cce6c
-			}
8cce6c
+		if (!h->table[i].chain_cache) {
8cce6c
+			if (tablename)
8cce6c
+				return;
8cce6c
+			continue;
8cce6c
 		}
8cce6c
+
8cce6c
+		if (tablename) {
8cce6c
+			nftnl_chain_list_foreach(h->table[i].chain_cache,
8cce6c
+						 __flush_chain_cache, NULL);
8cce6c
+			return;
8cce6c
+		}
8cce6c
+
8cce6c
+		nftnl_chain_list_free(h->table[i].chain_cache);
8cce6c
+		h->table[i].chain_cache = NULL;
8cce6c
 	}
8cce6c
 }
8cce6c
 
8cce6c
-- 
8cce6c
2.20.1
8cce6c