laurenceman / rpms / iptables

Forked from rpms/iptables 5 years ago
From 3614b4bee283ea6d08207ccc5e2efa3ebfad321c Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 20 Dec 2018 16:09:07 +0100
Subject: [PATCH] nft: Reduce indenting level in flush_chain_cache()

Instead of doing all in one go, make two separate decisions:

1) If table has no chain cache, either continue or return depending on
   whether we're flushing for a specific table.

2) With chain cache present, flushing strategy once more depends on
   whether we're flushing for a specific table: If given, just remove
   all rules and return. If not, free the cache and set to NULL (so that
   it will be repopulated later), then continue the loop.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit d4b0d248cc057e39608c7c1c1203dd3f1ea96645)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 iptables/nft.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index befd9f4dd9026..997d7bc58fd00 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle *h, const char *tablename)
 		if (tablename && strcmp(h->tables[i].name, tablename))
 			continue;
 
-		if (h->table[i].chain_cache) {
-			if (tablename) {
-				nftnl_chain_list_foreach(h->table[i].chain_cache,
-							 __flush_chain_cache, NULL);
-				break;
-			} else {
-				nftnl_chain_list_free(h->table[i].chain_cache);
-				h->table[i].chain_cache = NULL;
-			}
+		if (!h->table[i].chain_cache) {
+			if (tablename)
+				return;
+			continue;
 		}
+
+		if (tablename) {
+			nftnl_chain_list_foreach(h->table[i].chain_cache,
+						 __flush_chain_cache, NULL);
+			return;
+		}
+
+		nftnl_chain_list_free(h->table[i].chain_cache);
+		h->table[i].chain_cache = NULL;
 	}
 }
 
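Review bot: The `return` inside the new `if (!h->table[i].chain_cache)` block is an early exit the old code did not have. Before this change, a matching table without a chain cache fell through and the loop kept iterating. The two behave the same only if no later entry in `h->tables[]` has the same name, so the commit message or a short comment should state that assumption, since the subject line presents this as a pure indentation change. Replacing `break` with `return` in the `if (tablename)` branch is equivalent here only because nothing follows the loop before the closing brace of the function; a comment such as "done, only one table requested" would keep that from being missed if code is later added after the loop. Separately, the name comparison uses `h->tables[i]` while the cache is reached through `h->table[i]`. A one-line comment noting that both arrays share the index `i` would make the pairing easier to verify when reading this function.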
-- 
2.21.0