Use the function where suitable to potentially speed up rule cache lookup
by rule number.

Signed-off-by: Phil Sutter <[email protected]>
---
 iptables/nft.c | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index f287e225668e0..2c28c9fd9d2d0 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1976,27 +1976,21 @@ nft_rule_find(struct nft_handle *h, struct nftnl_chain 
*c, void *data, int rulen
 {
        struct nftnl_rule *r;
        struct nftnl_rule_iter *iter;
-       int rule_ctr = 0;
        bool found = false;
 
+       if (rulenum >= 0)
+               /* Delete by rule number case */
+               return nftnl_rule_lookup_byindex(c, rulenum);
+
        iter = nftnl_rule_iter_create(c);
        if (iter == NULL)
                return 0;
 
        r = nftnl_rule_iter_next(iter);
        while (r != NULL) {
-               if (rulenum >= 0) {
-                       /* Delete by rule number case */
-                       if (rule_ctr == rulenum) {
-                           found = true;
-                           break;
-                       }
-               } else {
-                       found = h->ops->rule_find(h->ops, r, data);
-                       if (found)
-                               break;
-               }
-               rule_ctr++;
+               found = h->ops->rule_find(h->ops, r, data);
+               if (found)
+                       break;
                r = nftnl_rule_iter_next(iter);
        }
 
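Review bot: The early return in nft_rule_find passes rulenum straight to `nftnl_rule_lookup_byindex()`, so an index past the end of the chain is handled only if that helper returns NULL for it. The removed loop covered that case itself by running off the end of the iterator with `found` still false. The helper is not visible in this patch, so its out-of-range behaviour should be confirmed and stated at the call site, e.g. `/* Lookup by rule number; NULL if rulenum is past the last rule */`. The existing comment also sits between an unbraced `if` and its `return`; bracing the branch (`if (rulenum >= 0) {` … `}`) keeps a later edit from detaching the return from the condition. The function body continues past the end of the hunk.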
@@ -2202,6 +2196,17 @@ __nft_rule_list(struct nft_handle *h, struct nftnl_chain 
*c,
        struct nftnl_rule *r;
        int rule_ctr = 0;
 
+       if (rulenum > 0) {
+               r = nftnl_rule_lookup_byindex(c, rulenum - 1);
+               if (!r)
+                       /* iptables-legacy returns 0 when listing for
+                        * valid chain but invalid rule number
+                        */
+                       return 1;
+               cb(r, rulenum, format);
+               return 1;
+       }
+
        iter = nftnl_rule_iter_create(c);
        if (iter == NULL)
                return 0;
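Review bot: The comment on the `!r` branch of the new `rulenum > 0` path says iptables-legacy "returns 0", but the statement under it is `return 1;`, which reads as a contradiction. Presumably the 0 is the legacy exit status and 1 is this function's success value. Wording such as `/* an invalid rule number in a valid chain is not an error in iptables-legacy, so report success */` would make that clear. Since both paths return 1, the unbraced multi-line body can also go: `if (r) cb(r, rulenum, format);` followed by a single `return 1;`. __nft_rule_list starts and ends outside the hunk.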
-- 
2.19.0
