From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [iptables-nftables - PATCH 1/2] nft: Optimize chain listing if only one is looked for
Date: Wed, 17 Jul 2013 15:40:04 +0200 [thread overview]
Message-ID: <20130717134004.GA7893@localhost> (raw)
In-Reply-To: <1374046455-19234-2-git-send-email-tomasz.bursztyka@linux.intel.com>
Hi Tomasz,
On Wed, Jul 17, 2013 at 10:34:14AM +0300, Tomasz Bursztyka wrote:
> Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
> ---
> iptables/nft.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/iptables/nft.c b/iptables/nft.c
> index f9a88c9..f33faa5 100644
> --- a/iptables/nft.c
> +++ b/iptables/nft.c
> @@ -2495,6 +2495,9 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
> }
> __nft_rule_list(h, c, table, rulenum, format, print_firewall);
>
> + if (chain && strcmp(chain, chain_name) == 0)
> + break;
> +
> found = true;
>
> next:
> @@ -2593,6 +2596,9 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
>
> ret = __nft_rule_list(h, c, table, rulenum,
> counters ? 0 : FMT_NOCOUNTS, list_save);
> +
> + if (chain && strcmp(chain, chain_name) != 0)
This should be == 0. There's the same checking above __nft_rule_list.
I noticed that we don't need to strcmp(chain, chain_name) again,
checking for chain is sufficient.
Pushed this patch, is based on yours:
http://git.netfilter.org/iptables-nftables/commit/?id=db6d43c979954b1a0e2a3d2d1fa4494c43d921c1
While at it, I also noticed that selective listing per chain with -S
was also broken, fixed here:
http://git.netfilter.org/iptables-nftables/commit/?id=eaa70f580a3e3b7675d75005ab71c00494a3ee6e
Regards.
next prev parent reply other threads:[~2013-07-17 13:40 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-17 7:34 [iptables-nftables - PATCH 0/2] fixes Tomasz Bursztyka
2013-07-17 7:34 ` [iptables-nftables - PATCH 1/2] nft: Optimize chain listing if only one is looked for Tomasz Bursztyka
2013-07-17 13:40 ` Pablo Neira Ayuso [this message]
2013-07-18 11:10 ` Tomasz Bursztyka
2013-07-17 7:34 ` [iptables-nftables - PATCH 2/2] nft: Fix code style issues Tomasz Bursztyka
2013-07-17 13:47 ` Pablo Neira Ayuso
2013-07-18 11:12 ` Tomasz Bursztyka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130717134004.GA7893@localhost \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=tomasz.bursztyka@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).