authorTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>2013-07-16 22:07:58 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-12-30 23:50:36 +0100
commit7244bef43f350ab31ef54db8a81905f6c68acac0 (patch)
treecf12717e389f1f7324c93a49bd6d87258f059c63
parente127d223d01aaa0886c7f279110ac36651b9a057 (diff)
nft: add function to test for a builtin chain
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--iptables/nft.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 87db9be5..cb46b7a4 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -381,6 +381,14 @@ out:
return ret;
}
+static bool nft_chain_builtin(struct nft_chain *c)
+{
+ /* Check if this chain has hook number, in that case is built-in.
+ * Should we better export the flags to user-space via nf_tables?
+ */
+ return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
+}
+
int nft_init(struct nft_handle *h)
{
h->nl = mnl_socket_open(NETLINK_NETFILTER);
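Review bot: The name `nft_chain_builtin` promises more than the check delivers: the body only tests whether `NFT_CHAIN_ATTR_HOOKNUM` is set, which identifies a chain attached to a hook (a base chain), not one of the fixed iptables built-in names. The existing comment already voices that doubt. Callers that use the result to decide how a chain is printed or whether it may be deleted will presumably treat any hooked chain in the table as built-in, including one created by another tool. Since the helper is now shared by several call sites, the comment should state the contract, e.g. `/* Returns true if the chain carries a hook number, i.e. it is a base chain; the chain name is not checked against the iptables built-ins. */`.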
@@ -1138,9 +1146,7 @@ int nft_chain_save(struct nft_handle *h, struct nft_chain_list *list,
if (strcmp(table, chain_table) != 0)
goto next;
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM))
- basechain = true;
-
+ basechain = nft_chain_builtin(c);
nft_chain_print_save(c, basechain);
next:
c = nft_chain_list_iter_next(iter);
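Review bot: The added `basechain = nft_chain_builtin(c);` assigns the flag on every iteration, whereas the removed `if (...) basechain = true;` only ever set it in the lines shown. If `basechain` is declared outside the loop (the declaration is not in the hunk, and `nft_chain_save` starts and ends outside it), a user chain following a base chain was previously saved as a base chain. That would make this a behaviour fix rather than a pure refactor, and the commit message should say so. The local is now used only once, so the call can be written as `nft_chain_print_save(c, nft_chain_builtin(c));` and the variable dropped.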
@@ -1368,14 +1374,6 @@ static int __nft_chain_del(struct nft_handle *h, struct nft_chain *c)
return ret;
}
-static bool nft_chain_builtin(struct nft_chain *c)
-{
- /* Check if this chain has hook number, in that case is built-in.
- * Should we better export the flags to user-space via nf_tables?
- */
- return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
-}
-
int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table)
{
struct nft_chain_list *list;
@@ -2547,7 +2545,7 @@ nft_rule_list_chain_save(struct nft_handle *h, const char *table,
goto next;
/* this is a base chain */
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM)) {
+ if (nft_chain_builtin(c)) {
printf("-P %s %s", chain_name, policy_name[policy]);
if (counters) {