summaryrefslogtreecommitdiffstats
path: root/iptables
diff options
context:
space:
mode:
Diffstat (limited to 'iptables')
-rw-r--r--iptables/nft-cache.c50
1 files changed, 30 insertions, 20 deletions
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 61184653..a0c4dfc6 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -322,9 +322,9 @@ static int fetch_set_cache(struct nft_handle *h,
return ret;
}
-static int fetch_chain_cache(struct nft_handle *h,
- const struct builtin_table *t,
- const char *chain)
+static int __fetch_chain_cache(struct nft_handle *h,
+ const struct builtin_table *t,
+ const struct nftnl_chain *c)
{
struct nftnl_chain_list_cb_data d = {
.h = h,
@@ -334,24 +334,10 @@ static int fetch_chain_cache(struct nft_handle *h,
struct nlmsghdr *nlh;
int ret;
- if (t && chain) {
- struct nftnl_chain *c = nftnl_chain_alloc();
-
- if (!c)
- return -1;
-
- nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN,
- h->family, NLM_F_ACK,
- h->seq);
- nftnl_chain_set_str(c, NFTNL_CHAIN_TABLE, t->name);
- nftnl_chain_set_str(c, NFTNL_CHAIN_NAME, chain);
+ nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN, h->family,
+ c ? NLM_F_ACK : NLM_F_DUMP, h->seq);
+ if (c)
nftnl_chain_nlmsg_build_payload(nlh, c);
- nftnl_chain_free(c);
- } else {
- nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_GETCHAIN,
- h->family, NLM_F_DUMP,
- h->seq);
- }
ret = mnl_talk(h, nlh, nftnl_chain_list_cb, &d);
if (ret < 0 && errno == EINTR)
@@ -360,6 +346,30 @@ static int fetch_chain_cache(struct nft_handle *h,
return ret;
}
+static int fetch_chain_cache(struct nft_handle *h,
+ const struct builtin_table *t,
+ const char *chain)
+{
+ struct nftnl_chain *c;
+ int ret;
+
+ if (!chain)
+ return __fetch_chain_cache(h, t, NULL);
+
+ assert(t);
+
+ c = nftnl_chain_alloc();
+ if (!c)
+ return -1;
+
+ nftnl_chain_set_str(c, NFTNL_CHAIN_TABLE, t->name);
+ nftnl_chain_set_str(c, NFTNL_CHAIN_NAME, chain);
+ ret = __fetch_chain_cache(h, t, c);
+
+ nftnl_chain_free(c);
+ return ret;
+}
+
static int nftnl_rule_list_cb(const struct nlmsghdr *nlh, void *data)
{
struct nftnl_chain *c = data;