iptables/SOURCES/0016-nft-Reduce-indenting-level-in-flush_chain_cache.patch

From 3614b4bee283ea6d08207ccc5e2efa3ebfad321c Mon Sep 17 00:00:00 2001
From: Phil Sutter <phil@nwl.cc>
Date: Thu, 20 Dec 2018 16:09:07 +0100
Subject: [PATCH] nft: Reduce indenting level in flush_chain_cache()

Instead of doing all in one go, make two separate decisions:

1) If table has no chain cache, either continue or return depending on
   whether we're flushing for a specific table.

2) With chain cache present, flushing strategy once more depends on
   whether we're flushing for a specific table: If given, just remove
   all rules and return. If not, free the cache and set to NULL (so that
   it will be repopulated later), then continue the loop.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit d4b0d248cc057e39608c7c1c1203dd3f1ea96645)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
 iptables/nft.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index befd9f4dd9026..997d7bc58fd00 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle *h, const char *tablename)
 		if (tablename && strcmp(h->tables[i].name, tablename))
 			continue;
 
-		if (h->table[i].chain_cache) {
-			if (tablename) {
-				nftnl_chain_list_foreach(h->table[i].chain_cache,
-							 __flush_chain_cache, NULL);
-				break;
-			} else {
-				nftnl_chain_list_free(h->table[i].chain_cache);
-				h->table[i].chain_cache = NULL;
-			}
+		if (!h->table[i].chain_cache) {
+			if (tablename)
+				return;
+			continue;
 		}
+
+		if (tablename) {
+			nftnl_chain_list_foreach(h->table[i].chain_cache,
+						 __flush_chain_cache, NULL);
+			return;
+		}
+
+		nftnl_chain_list_free(h->table[i].chain_cache);
+		h->table[i].chain_cache = NULL;
 	}
 }
 
-- 
2.21.0
import iptables-1.8.2-12.el8 2019-08-01 21:26:06 +00:00			`From 3614b4bee283ea6d08207ccc5e2efa3ebfad321c Mon Sep 17 00:00:00 2001`
			`From: Phil Sutter <phil@nwl.cc>`
			`Date: Thu, 20 Dec 2018 16:09:07 +0100`
			`Subject: [PATCH] nft: Reduce indenting level in flush_chain_cache()`

			`Instead of doing all in one go, make two separate decisions:`

			`1) If table has no chain cache, either continue or return depending on`
			`whether we're flushing for a specific table.`

			`2) With chain cache present, flushing strategy once more depends on`
			`whether we're flushing for a specific table: If given, just remove`
			`all rules and return. If not, free the cache and set to NULL (so that`
			`it will be repopulated later), then continue the loop.`

			`Signed-off-by: Phil Sutter <phil@nwl.cc>`
			`Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>`
			`(cherry picked from commit d4b0d248cc057e39608c7c1c1203dd3f1ea96645)`
			`Signed-off-by: Phil Sutter <psutter@redhat.com>`
			`---`
			`iptables/nft.c \| 22 +++++++++++++---------`
			`1 file changed, 13 insertions(+), 9 deletions(-)`

			`diff --git a/iptables/nft.c b/iptables/nft.c`
			`index befd9f4dd9026..997d7bc58fd00 100644`
			`--- a/iptables/nft.c`
			`+++ b/iptables/nft.c`
			`@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle h, const char tablename)`
			`if (tablename && strcmp(h->tables[i].name, tablename))`
			`continue;`

			`- if (h->table[i].chain_cache) {`
			`- if (tablename) {`
			`- nftnl_chain_list_foreach(h->table[i].chain_cache,`
			`- __flush_chain_cache, NULL);`
			`- break;`
			`- } else {`
			`- nftnl_chain_list_free(h->table[i].chain_cache);`
			`- h->table[i].chain_cache = NULL;`
			`- }`
			`+ if (!h->table[i].chain_cache) {`
			`+ if (tablename)`
			`+ return;`
			`+ continue;`
			`}`
			`+`
			`+ if (tablename) {`
			`+ nftnl_chain_list_foreach(h->table[i].chain_cache,`
			`+ __flush_chain_cache, NULL);`
			`+ return;`
			`+ }`
			`+`
			`+ nftnl_chain_list_free(h->table[i].chain_cache);`
			`+ h->table[i].chain_cache = NULL;`
			`}`
			`}`

			`--`
			`2.21.0`