nft: Implement nft_chain_foreach()

This is just a fancy wrapper around nftnl_chain_list_foreach() with the added benefit of detecting invalid table names or uninitialized chain lists. This in turn allows to drop the checks in flush_rule_cache() and ignore the return code of nft_chain_foreach() as it fails only if the dropped checks had failed, too. Since this wrapper does the chain list lookup by itself, use of nft_chain_list_get() shrinks down to a single place, namely inside nft_chain_find(). Therefore fold it into the latter. Signed-off-by: Phil Sutter <phil@nwl.cc>
author: Phil Sutter <phil@nwl.cc> 2020-07-08 16:09:52 +0200
committer: Phil Sutter <phil@nwl.cc> 2020-12-21 18:33:21 +0100
commit: 09af1117340cfd1885eb2f0a7b522f2d85f66185 (patch)
tree: ee70d2ccf353dda4fcfe27e8c14dddee41272c0a /iptables/nft.h
parent: e8d48d7b41ec09eb67f69a2bed04628870ec85c3 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index 128e09be..949d9d07 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -151,6 +151,9 @@ const struct builtin_chain *nft_chain_builtin_find(const struct builtin_table *t
 bool nft_chain_exists(struct nft_handle *h, const char *table, const char *chain);
 void nft_bridge_chain_postprocess(struct nft_handle *h,
 				  struct nftnl_chain *c);
+int nft_chain_foreach(struct nft_handle *h, const char *table,
+		      int (*cb)(struct nftnl_chain *c, void *data),
+		      void *data);
 
 
 /*
author	Phil Sutter <phil@nwl.cc>	2020-07-08 16:09:52 +0200
committer	Phil Sutter <phil@nwl.cc>	2020-12-21 18:33:21 +0100
commit	09af1117340cfd1885eb2f0a7b522f2d85f66185 (patch)
tree	ee70d2ccf353dda4fcfe27e8c14dddee41272c0a /iptables/nft.h
parent	e8d48d7b41ec09eb67f69a2bed04628870ec85c3 (diff)