author | Phil Sutter <phil@nwl.cc> | 2020-07-10 21:37:38 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-12-21 18:33:21 +0100 |
commit | e8d48d7b41ec09eb67f69a2bed04628870ec85c3 (patch) | |
tree | e008ac6439da40555b3c749a8108b495efa0a5f8 | |
parent | 694612adf87fb614f16a2b678f32745d5c9d7876 (diff) |
nft: cache: Introduce nft_cache_add_chain()
This is a convenience function for adding a chain to cache, for now just
a simple wrapper around nftnl_chain_list_add_tail().
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | iptables/nft-cache.c | 12 | ||||
-rw-r--r-- | iptables/nft-cache.h | 3 | ||||
-rw-r--r-- | iptables/nft.c | 16 |
3 files changed, 19 insertions, 12 deletions
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index 32cfd6cf..afa655d7 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -165,6 +165,13 @@ static int fetch_table_cache(struct nft_handle *h)
 return 1;
 }
+int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
+ struct nftnl_chain *c)
+{
+ nftnl_chain_list_add_tail(c, h->cache->table[t->type].chains);
+ return 0;
+}
+
 struct nftnl_chain_list_cb_data {
 struct nft_handle *h;
 const struct builtin_table *t;
@@ -174,7 +181,6 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
 {
 struct nftnl_chain_list_cb_data *d = data;
 const struct builtin_table *t = d->t;
- struct nftnl_chain_list *list;
 struct nft_handle *h = d->h;
 struct nftnl_chain *c;
 const char *tname;
@@ -196,8 +202,8 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
 goto out;
 }
- list = h->cache->table[t->type].chains;
- nftnl_chain_list_add_tail(c, list);
+ if (nft_cache_add_chain(h, t, c))
+ goto out;
 return MNL_CB_OK;
 out:
diff --git a/iptables/nft-cache.h b/iptables/nft-cache.h
index 76f9fbb6..d97f8de2 100644
--- a/iptables/nft-cache.h
+++ b/iptables/nft-cache.h
@@ -3,6 +3,7 @@
 struct nft_handle;
 struct nft_cmd;
+struct builtin_table;
 void nft_cache_level_set(struct nft_handle *h, int level, const struct nft_cmd *cmd);
@@ -12,6 +13,8 @@ void flush_chain_cache(struct nft_handle *h, const char *tablename);
 int flush_rule_cache(struct nft_handle *h, const char *table, struct nftnl_chain *c);
 void nft_cache_build(struct nft_handle *h);
+int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
+ struct nftnl_chain *c);
 struct nftnl_chain_list * nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain);
diff --git a/iptables/nft.c b/iptables/nft.c
index 24e49db4..d1f6d417 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
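Review bot: nft_cache_add_chain() in the first nft-cache.c hunk indexes `h->cache->table[t->type]` without checking `t`, and it always returns 0, so the `goto out` branch added in nftnl_chain_list_cb() can never be taken as written. The nft.c call sites in this commit pass the result of nft_table_builtin_find() straight in, so the helper is the natural place for a guard such as `if (!t) return -1;` ahead of the list call. The function also carries no comment; I would add `/* Appends c to the cached chain list of table t (t must be non-NULL); returns 0 on success, non-zero on error. */`, because that return convention is the opposite of the "1 for success and 0 for error" convention noted in nft.c.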
@@ -697,7 +697,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
 return;
 batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, c);
- nftnl_chain_list_add_tail(c, h->cache->table[table->type].chains);
+ nft_cache_add_chain(h, table, c);
 }
 /* find if built-in table already exists */
@@ -1712,7 +1712,7 @@ err:
 int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table)
 {
- struct nftnl_chain_list *list;
+ const struct builtin_table *t;
 struct nftnl_chain *c;
 nft_fn = nft_chain_user_add;
@@ -1736,9 +1736,8 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 if (!batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c))
 return 0;
- list = nft_chain_list_get(h, table, chain);
- if (list)
- nftnl_chain_list_add(c, list);
+ t = nft_table_builtin_find(h, table);
+ nft_cache_add_chain(h, t, c);
 /* the core expects 1 for success and 0 for error */
 return 1;
@@ -1746,7 +1745,7 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table)
 {
- struct nftnl_chain_list *list;
+ const struct builtin_table *t;
 struct obj_update *obj;
 struct nftnl_chain *c;
 bool created = false;
@@ -1763,9 +1762,8 @@ int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table
 nftnl_chain_set_str(c, NFTNL_CHAIN_NAME, chain);
 created = true;
- list = nft_chain_list_get(h, table, chain);
- if (list)
- nftnl_chain_list_add(c, list);
+ t = nft_table_builtin_find(h, table);
+ nft_cache_add_chain(h, t, c);
 } else {
 /* If the chain should vanish meanwhile, kernel genid changes
 * and the transaction is refreshed enabling the chain add |
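Review bot: In the nft_chain_user_add() hunk the removed code skipped the cache update when no list was found (`if (list)`), but the new lines pass `t = nft_table_builtin_find(h, table)` to nft_cache_add_chain() unchecked, and that helper dereferences `t->type`. If the lookup can return NULL for the caller-supplied `table` (any earlier validation is outside the hunk), this becomes a NULL dereference in a tool that is typically run with elevated privileges; `if (t) nft_cache_add_chain(h, t, c);` would keep the old tolerance. The nft_chain_restore() hunk has the same pattern. Both sites also move from nftnl_chain_list_add() to the helper's nftnl_chain_list_add_tail() and ignore its return value, which is worth a sentence in the commit message if any consumer depends on list order.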