|
 |
8cce6c |
From 993eea7a78dd3690cb864b58c7056d5851550f5f Mon Sep 17 00:00:00 2001
|
|
|
8cce6c |
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
8cce6c |
Date: Sat, 17 Nov 2018 18:38:30 +0100
|
|
|
8cce6c |
Subject: [PATCH] nft: move initialize to struct nft_handle
|
|
|
8cce6c |
|
|
|
8cce6c |
Move this to the structure that stores, stateful information. Introduce
|
|
|
8cce6c |
nft_table_initialized() and use it.
|
|
|
8cce6c |
|
|
|
8cce6c |
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
8cce6c |
(cherry picked from commit 5016d1eb84f951d84f5a0c18f994f40677ad0643)
|
|
|
8cce6c |
Signed-off-by: Phil Sutter <psutter@redhat.com>
|
|
|
8cce6c |
---
|
|
|
8cce6c |
iptables/nft.c | 14 ++++++++++----
|
|
|
8cce6c |
iptables/nft.h | 2 +-
|
|
|
8cce6c |
2 files changed, 11 insertions(+), 5 deletions(-)
|
|
|
8cce6c |
|
|
|
8cce6c |
diff --git a/iptables/nft.c b/iptables/nft.c
|
|
|
8cce6c |
index fdb4ead55a873..9b479307a2fbc 100644
|
|
|
8cce6c |
--- a/iptables/nft.c
|
|
|
8cce6c |
+++ b/iptables/nft.c
|
|
|
8cce6c |
@@ -587,13 +587,19 @@ struct builtin_table xtables_bridge[NFT_TABLE_MAX] = {
|
|
|
8cce6c |
},
|
|
|
8cce6c |
};
|
|
|
8cce6c |
|
|
|
8cce6c |
+static bool nft_table_initialized(const struct nft_handle *h,
|
|
|
8cce6c |
+ enum nft_table_type type)
|
|
|
8cce6c |
+{
|
|
|
8cce6c |
+ return h->table[type].initialized;
|
|
|
8cce6c |
+}
|
|
|
8cce6c |
+
|
|
|
8cce6c |
static int nft_table_builtin_add(struct nft_handle *h,
|
|
|
8cce6c |
struct builtin_table *_t)
|
|
|
8cce6c |
{
|
|
|
8cce6c |
struct nftnl_table *t;
|
|
|
8cce6c |
int ret;
|
|
|
8cce6c |
|
|
|
8cce6c |
- if (_t->initialized)
|
|
|
8cce6c |
+ if (nft_table_initialized(h, _t->type))
|
|
|
8cce6c |
return 0;
|
|
|
8cce6c |
|
|
|
8cce6c |
t = nftnl_table_alloc();
|
|
|
8cce6c |
@@ -707,7 +713,7 @@ static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
|
|
|
8cce6c |
if (t == NULL)
|
|
|
8cce6c |
return -1;
|
|
|
8cce6c |
|
|
|
8cce6c |
- if (t->initialized)
|
|
|
8cce6c |
+ if (nft_table_initialized(h, t->type))
|
|
|
8cce6c |
return 0;
|
|
|
8cce6c |
|
|
|
8cce6c |
if (nft_table_builtin_add(h, t) < 0)
|
|
|
8cce6c |
@@ -715,7 +721,7 @@ static int nft_xt_builtin_init(struct nft_handle *h, const char *table)
|
|
|
8cce6c |
|
|
|
8cce6c |
nft_chain_builtin_init(h, t);
|
|
|
8cce6c |
|
|
|
8cce6c |
- t->initialized = true;
|
|
|
8cce6c |
+ h->table[t->type].initialized = true;
|
|
|
8cce6c |
|
|
|
8cce6c |
return 0;
|
|
|
8cce6c |
}
|
|
|
8cce6c |
@@ -1875,7 +1881,7 @@ static int __nft_table_flush(struct nft_handle *h, const char *table)
|
|
|
8cce6c |
|
|
|
8cce6c |
_t = nft_table_builtin_find(h, table);
|
|
|
8cce6c |
assert(_t);
|
|
|
8cce6c |
- _t->initialized = false;
|
|
|
8cce6c |
+ h->table[_t->type].initialized = false;
|
|
|
8cce6c |
|
|
|
8cce6c |
flush_chain_cache(h, table);
|
|
|
8cce6c |
flush_rule_cache(h, table);
|
|
|
8cce6c |
diff --git a/iptables/nft.h b/iptables/nft.h
|
|
|
8cce6c |
index 1c028206221c4..b9ba66b110042 100644
|
|
|
8cce6c |
--- a/iptables/nft.h
|
|
|
8cce6c |
+++ b/iptables/nft.h
|
|
|
8cce6c |
@@ -25,7 +25,6 @@ struct builtin_table {
|
|
|
8cce6c |
const char *name;
|
|
|
8cce6c |
enum nft_table_type type;
|
|
|
8cce6c |
struct builtin_chain chains[NF_INET_NUMHOOKS];
|
|
|
8cce6c |
- bool initialized;
|
|
|
8cce6c |
};
|
|
|
8cce6c |
|
|
|
8cce6c |
struct nft_handle {
|
|
|
8cce6c |
@@ -41,6 +40,7 @@ struct nft_handle {
|
|
|
8cce6c |
struct builtin_table *tables;
|
|
|
8cce6c |
struct {
|
|
|
8cce6c |
struct nftnl_chain_list *chain_cache;
|
|
|
8cce6c |
+ bool initialized;
|
|
|
8cce6c |
} table[NFT_TABLE_MAX];
|
|
|
8cce6c |
struct nftnl_rule_list *rule_cache;
|
|
|
8cce6c |
bool restore;
|
|
|
8cce6c |
--
|
|
|
8cce6c |
2.20.1
|
|
|
8cce6c |
|