There is no need for a full chain cache, fetch only the few builtin
chains that might need to be created.

Signed-off-by: Phil Sutter <p...@nwl.cc>
---
 iptables/nft.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 775582aab7955..7e019d54ee475 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -709,15 +709,16 @@ nft_chain_builtin_find(const struct builtin_table *t, 
const char *chain)
 static void nft_chain_builtin_init(struct nft_handle *h,
                                   const struct builtin_table *table)
 {
-       struct nftnl_chain_list *list = nft_chain_list_get(h, table->name, 
NULL);
+       struct nftnl_chain_list *list;
        struct nftnl_chain *c;
        int i;
 
-       if (!list)
-               return;
-
        /* Initialize built-in chains if they don't exist yet */
        for (i=0; i < NF_INET_NUMHOOKS && table->chains[i].name != NULL; i++) {
+               list = nft_chain_list_get(h, table->name,
+                                         table->chains[i].name);
+               if (!list)
+                       continue;
 
                c = nftnl_chain_list_lookup_byname(list, table->chains[i].name);
                if (c != NULL)
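Review bot: The added `if (!list) continue;` inside the loop silently skips a builtin chain whenever `nft_chain_list_get()` returns NULL, and because `nft_chain_builtin_init()` returns void the caller cannot tell that a base chain was left uncreated. The old code had the same blind spot but bailed out for the whole table; now a failure on one iteration can leave a table with some builtin chains initialised and others missing. Whether NULL here can mean a failed fetch rather than "nothing to do" is not visible in this hunk, so that needs confirming. At minimum a comment such as `/* chain fetch failed: this builtin chain is left uncreated */` should record the intent, and reporting the failure to the caller would be better for a firewall ruleset. Since `list` is now only meaningful per iteration, it could also be declared inside the loop body; the function body continues past the end of this hunk.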
-- 
2.23.0
