Re: [iptables PATCH v2 03/10] nft: cache: Introduce nft_cache_add_chain()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Phil Sutter <phil@nwl.cc>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [iptables PATCH v2 03/10] nft: cache: Introduce nft_cache_add_chain()
Date: Mon, 12 Oct 2020 14:02:31 +0200	[thread overview]
Message-ID: <20201012120231.GC26845@salvia> (raw)
In-Reply-To: <20200923174849.5773-4-phil@nwl.cc>

On Wed, Sep 23, 2020 at 07:48:42PM +0200, Phil Sutter wrote:
> This is a convenience function for adding a chain to cache, for now just
> a simple wrapper around nftnl_chain_list_add_tail().
> 
> Signed-off-by: Phil Sutter <phil@nwl.cc>
> ---
> Changes since v1:
> - Use the function in nft_chain_builtin_add() as well.
> ---
>  iptables/nft-cache.c | 12 +++++++++---
>  iptables/nft-cache.h |  3 +++
>  iptables/nft.c       | 16 +++++++---------
>  3 files changed, 19 insertions(+), 12 deletions(-)
> 
> diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
> index b94766a751db4..a22e693320451 100644
> --- a/iptables/nft-cache.c
> +++ b/iptables/nft-cache.c
> @@ -165,6 +165,13 @@ static int fetch_table_cache(struct nft_handle *h)
>  	return 1;
>  }
>  
> +int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
> +			struct nftnl_chain *c)
> +{
> +	nftnl_chain_list_add_tail(c, h->cache->table[t->type].chains);
> +	return 0;
> +}

This wrapper LGTM.

>  struct nftnl_chain_list_cb_data {
>  	struct nft_handle *h;
>  	const struct builtin_table *t;
> @@ -174,7 +181,6 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
>  {
>  	struct nftnl_chain_list_cb_data *d = data;
>  	const struct builtin_table *t = d->t;
> -	struct nftnl_chain_list *list;
>  	struct nft_handle *h = d->h;
>  	struct nftnl_chain *c;
>  	const char *tname;
> @@ -196,8 +202,8 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
>  		goto out;
>  	}
>  
> -	list = h->cache->table[t->type].chains;
> -	nftnl_chain_list_add_tail(c, list);
> +	if (nft_cache_add_chain(h, t, c))
> +		goto out;
>  
>  	return MNL_CB_OK;
>  out:
> diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
> index 76f9fbb6c8ccc..d97f8de255f02 100644
> --- a/iptables/nft-cache.h
> +++ b/iptables/nft-cache.h
> @@ -3,6 +3,7 @@
>  
>  struct nft_handle;
>  struct nft_cmd;
> +struct builtin_table;
>  
>  void nft_cache_level_set(struct nft_handle *h, int level,
>  			 const struct nft_cmd *cmd);
> @@ -12,6 +13,8 @@ void flush_chain_cache(struct nft_handle *h, const char *tablename);
>  int flush_rule_cache(struct nft_handle *h, const char *table,
>  		     struct nftnl_chain *c);
>  void nft_cache_build(struct nft_handle *h);
> +int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
> +			struct nftnl_chain *c);
>  
>  struct nftnl_chain_list *
>  nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain);
> diff --git a/iptables/nft.c b/iptables/nft.c
> index 4f40be2e60252..8e1a33ba69bf1 100644
> --- a/iptables/nft.c
> +++ b/iptables/nft.c
> @@ -695,7 +695,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
>  		return;
>  
>  	batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, c);
> -	nftnl_chain_list_add_tail(c, h->cache->table[table->type].chains);
> +	nft_cache_add_chain(h, table, c);
>  }
>  
>  /* find if built-in table already exists */
> @@ -1696,7 +1696,7 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table,
>  
>  int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table)
>  {
> -	struct nftnl_chain_list *list;
> +	const struct builtin_table *t;
>  	struct nftnl_chain *c;
>  	int ret;
>  
> @@ -1720,9 +1720,8 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
>  
>  	ret = batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c);
>  
> -	list = nft_chain_list_get(h, table, chain);
> -	if (list)
> -		nftnl_chain_list_add(c, list);
> +	t = nft_table_builtin_find(h, table);

I'd add here:

        assert(t);

just in case this is ever crashing here, let's make it nice.

next prev parent reply	other threads:[~2020-10-12 12:02 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-23 17:48 [iptables PATCH v2 00/10] nft: Sorted chain listing et al Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 01/10] nft: Fix selective chain compatibility checks Phil Sutter
2020-10-12 11:54   ` Pablo Neira Ayuso
2020-10-13  9:29     ` Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 02/10] nft: Implement nft_chain_foreach() Phil Sutter
2020-10-12 12:01   ` Pablo Neira Ayuso
2020-10-13  9:40     ` Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 03/10] nft: cache: Introduce nft_cache_add_chain() Phil Sutter
2020-10-12 12:02   ` Pablo Neira Ayuso [this message]
2020-12-09 11:24     ` Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 04/10] nft: Eliminate nft_chain_list_get() Phil Sutter
2020-10-12 12:03   ` Pablo Neira Ayuso
2020-10-13  9:44     ` Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 05/10] nft: cache: Move nft_chain_find() over Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 06/10] nft: Introduce struct nft_chain Phil Sutter
2020-10-12 12:08   ` Pablo Neira Ayuso
2020-10-13  9:56     ` Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 07/10] nft: Introduce a dedicated base chain array Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 08/10] nft: cache: Sort custom chains by name Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 09/10] tests: shell: Drop any dump sorting in place Phil Sutter
2020-09-23 17:48 ` [iptables PATCH v2 10/10] nft: Avoid pointless table/chain creation Phil Sutter

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201012120231.GC26845@salvia \
    --to=pablo@netfilter.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=phil@nwl.cc \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.