|
 |
029dc7 |
From b8d3fdae853c391312b2a0be533fd4a91bf80e8e Mon Sep 17 00:00:00 2001
|
|
|
029dc7 |
From: Phil Sutter <phil@nwl.cc>
|
|
|
029dc7 |
Date: Sun, 30 Dec 2018 20:06:08 +0100
|
|
|
029dc7 |
Subject: [PATCH] nft: Simplify nft_is_chain_compatible()
|
|
|
029dc7 |
|
|
|
029dc7 |
Make use of nft_{table,chain}_builtin_find() instead of open-coding the
|
|
|
029dc7 |
list traversal. Since code is pretty obvious now, drop the comments
|
|
|
029dc7 |
added earlier.
|
|
|
029dc7 |
|
|
|
029dc7 |
Fixes: e774b15299c27 ("nft: Review is_*_compatible() routines")
|
|
|
029dc7 |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
029dc7 |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
029dc7 |
(cherry picked from commit fae77a24634365b18687a5f09357dbf4aaee2bc0)
|
|
|
029dc7 |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
029dc7 |
---
|
|
|
029dc7 |
iptables/nft.c | 34 +++++++++-------------------------
|
|
|
029dc7 |
1 file changed, 9 insertions(+), 25 deletions(-)
|
|
|
029dc7 |
|
|
|
029dc7 |
diff --git a/iptables/nft.c b/iptables/nft.c
|
|
|
029dc7 |
index 1fd3837f2d334..25e538b7e35d7 100644
|
|
|
029dc7 |
--- a/iptables/nft.c
|
|
|
029dc7 |
+++ b/iptables/nft.c
|
|
|
029dc7 |
@@ -3077,11 +3077,12 @@ static int nft_is_rule_compatible(struct nftnl_rule *rule, void *data)
|
|
|
029dc7 |
|
|
|
029dc7 |
static int nft_is_chain_compatible(struct nftnl_chain *c, void *data)
|
|
|
029dc7 |
{
|
|
|
029dc7 |
- const struct builtin_chain *chains = NULL, *chain = NULL;
|
|
|
029dc7 |
- const char *table, *name, *type;
|
|
|
029dc7 |
+ const struct builtin_table *table;
|
|
|
029dc7 |
+ const struct builtin_chain *chain;
|
|
|
029dc7 |
+ const char *tname, *cname, *type;
|
|
|
029dc7 |
struct nft_handle *h = data;
|
|
|
029dc7 |
enum nf_inet_hooks hook;
|
|
|
029dc7 |
- int i, prio;
|
|
|
029dc7 |
+ int prio;
|
|
|
029dc7 |
|
|
|
029dc7 |
if (nftnl_rule_foreach(c, nft_is_rule_compatible, NULL))
|
|
|
029dc7 |
return -1;
|
|
|
029dc7 |
@@ -3089,33 +3090,16 @@ static int nft_is_chain_compatible(struct nftnl_chain *c, void *data)
|
|
|
029dc7 |
if (!nft_chain_builtin(c))
|
|
|
029dc7 |
return 0;
|
|
|
029dc7 |
|
|
|
029dc7 |
- /* find chain's table in builtin tables */
|
|
|
029dc7 |
- table = nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
|
|
|
029dc7 |
- for (i = 0; i < NFT_TABLE_MAX; i++) {
|
|
|
029dc7 |
- const char *cur_table = h->tables[i].name;
|
|
|
029dc7 |
-
|
|
|
029dc7 |
- if (!cur_table || strcmp(cur_table, table))
|
|
|
029dc7 |
- continue;
|
|
|
029dc7 |
-
|
|
|
029dc7 |
- chains = h->tables[i].chains;
|
|
|
029dc7 |
- break;
|
|
|
029dc7 |
- }
|
|
|
029dc7 |
- if (!chains)
|
|
|
029dc7 |
+ tname = nftnl_chain_get_str(c, NFTNL_CHAIN_TABLE);
|
|
|
029dc7 |
+ table = nft_table_builtin_find(h, tname);
|
|
|
029dc7 |
+ if (!table)
|
|
|
029dc7 |
return -1;
|
|
|
029dc7 |
|
|
|
029dc7 |
- /* find chain in builtin chain list */
|
|
|
029dc7 |
- name = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
|
|
|
029dc7 |
- for (i = 0; i < NF_INET_NUMHOOKS && chains[i].name; i++) {
|
|
|
029dc7 |
- if (strcmp(name, chains[i].name))
|
|
|
029dc7 |
- continue;
|
|
|
029dc7 |
-
|
|
|
029dc7 |
- chain = &chains[i];
|
|
|
029dc7 |
- break;
|
|
|
029dc7 |
- }
|
|
|
029dc7 |
+ cname = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
|
|
|
029dc7 |
+ chain = nft_chain_builtin_find(table, cname);
|
|
|
029dc7 |
if (!chain)
|
|
|
029dc7 |
return -1;
|
|
|
029dc7 |
|
|
|
029dc7 |
- /* compare properties */
|
|
|
029dc7 |
type = nftnl_chain_get_str(c, NFTNL_CHAIN_TYPE);
|
|
|
029dc7 |
prio = nftnl_chain_get_u32(c, NFTNL_CHAIN_PRIO);
|
|
|
029dc7 |
hook = nftnl_chain_get_u32(c, NFTNL_CHAIN_HOOKNUM);
|
|
|
029dc7 |
--
|
|
|
029dc7 |
2.21.0
|
|
|
029dc7 |
|