'Re: [iptables PATCH v3 17/21] xtables: Optimize list command with given chain'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: [iptables PATCH v3 17/21] xtables: Optimize list command with given chain
From:       Phil Sutter <phil () nwl ! cc>
Date:       2018-12-30 12:10:13
Message-ID: 20181230121013.GM17224 () orbyte ! nwl ! cc
[Download RAW message or body]

On Thu, Dec 27, 2018 at 08:54:08PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Dec 20, 2018 at 04:09:18PM +0100, Phil Sutter wrote:
> > Make use of nftnl_chain_list_lookup_byname() even if not listing a
> > specific rule. Introduce __nft_print_header() to consolidate chain value
> > extraction for printing with ops->print_header().
> > 
> > Signed-off-by: Phil Sutter <phil@nwl.cc>
> > ---
> >  iptables/nft.c | 78 +++++++++++++++++++++-----------------------------
> >  1 file changed, 32 insertions(+), 46 deletions(-)
> > 
> > diff --git a/iptables/nft.c b/iptables/nft.c
> > index 250cae0a34e37..b11c390edcc10 100644
> > --- a/iptables/nft.c
> > +++ b/iptables/nft.c
> > @@ -2247,6 +2247,24 @@ static int nft_rule_count(struct nft_handle *h, struct nftnl_chain *c)
> >  	return rule_ctr;
> >  }
> >  
> > +static void __nft_print_header(struct nft_handle *h,
> > +			       const struct nft_family_ops *ops,
> > +			       struct nftnl_chain *c, unsigned int format)
> > +{
> > +	const char *chain_name = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
> > +	uint32_t policy = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
> > +	bool basechain = !!nftnl_chain_get(c, NFTNL_CHAIN_HOOKNUM);
> > +	uint32_t refs = nftnl_chain_get_u32(c, NFTNL_CHAIN_USE);
> > +	uint32_t entries = nft_rule_count(h, c);
> > +	struct xt_counters ctrs = {
> > +		.pcnt = nftnl_chain_get_u64(c, NFTNL_CHAIN_PACKETS),
> > +		.bcnt = nftnl_chain_get_u64(c, NFTNL_CHAIN_BYTES),
> > +	};
> 
> Maybe we can introduce a container structure for this.
> 
> > +	ops->print_header(format, chain_name, policy_name[policy],
> > +			&ctrs, basechain, refs - entries, entries);
> 
> So we can pass it to ->print_header.
> 
> I would have preferred you add this in a initial patch, makes it
> harder to review. Please do so in the future.

Sorry for the inconvenience this caused.

I don't quite get your idea: Would you like to have a function
extracting the chain data into that container structure so
nft_rule_list() still calls ops->print_header() directly?

I can still do that, just let me know please.

Cheers, Phil
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic