From eb13831f1c41c0efa626ab85d4448fb8ce4c87a2 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 20 Dec 2018 16:09:11 +0100
Subject: nft: Move nft_rule_list_get() above nft_chain_list_get()

Later when introducing per chain rule caches, nft_rule_list_get() will be removed. But nftnl_rule_list_cb() which it uses will be reused to update each chain's rule cache from inside nftnl_chain_list_get(), so move both into position.

Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft.c | 110 ++++++++++++++++++++++++++++-----------------------------
 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index b4255777..1840561f 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1326,61 +1326,6 @@ retry:
 return ret;
 }
 
-struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
- const char *table)
-{
- const struct builtin_table *t;
-
- t = nft_table_builtin_find(h, table);
- if (!t)
- return NULL;
-
- if (!h->table[t->type].chain_cache)
- fetch_chain_cache(h);
-
- return h->table[t->type].chain_cache;
-}
-
-static const char *policy_name[NF_ACCEPT+1] = {
- [NF_DROP] = "DROP",
- [NF_ACCEPT] = "ACCEPT",
-};
-
-int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list)
-{
- struct nftnl_chain_list_iter *iter;
- struct nft_family_ops *ops;
- struct nftnl_chain *c;
-
- ops = nft_family_ops_lookup(h->family);
-
- iter = nftnl_chain_list_iter_create(list);
- if (iter == NULL)
- return 0;
-
- c = nftnl_chain_list_iter_next(iter);
- while (c != NULL) {
- const char *policy = NULL;
-
- if (nft_chain_builtin(c)) {
- uint32_t pol = NF_ACCEPT;
-
- if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
- pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
- policy = policy_name[pol];
- }
-
- if (ops->save_chain)
- ops->save_chain(c, policy);
-
- c = nftnl_chain_list_iter_next(iter);
- }
-
- nftnl_chain_list_iter_destroy(iter);
-
- return 1;
-}
-
 static int nftnl_rule_list_cb(const struct nlmsghdr *nlh, void *data)
 {
 struct nftnl_rule *r;
@@ -1437,6 +1382,61 @@ retry:
 return list;
 }
 
+struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
+ const char *table)
+{
+ const struct builtin_table *t;
+
+ t = nft_table_builtin_find(h, table);
+ if (!t)
+ return NULL;
+
+ if (!h->table[t->type].chain_cache)
+ fetch_chain_cache(h);
+
+ return h->table[t->type].chain_cache;
+}
+
+static const char *policy_name[NF_ACCEPT+1] = {
+ [NF_DROP] = "DROP",
+ [NF_ACCEPT] = "ACCEPT",
+};
+
+int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list)
+{
+ struct nftnl_chain_list_iter *iter;
+ struct nft_family_ops *ops;
+ struct nftnl_chain *c;
+
+ ops = nft_family_ops_lookup(h->family);
+
+ iter = nftnl_chain_list_iter_create(list);
+ if (iter == NULL)
+ return 0;
+
+ c = nftnl_chain_list_iter_next(iter);
+ while (c != NULL) {
+ const char *policy = NULL;
+
+ if (nft_chain_builtin(c)) {
+ uint32_t pol = NF_ACCEPT;
+
+ if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
+ pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
+ policy = policy_name[pol];
+ }
+
+ if (ops->save_chain)
+ ops->save_chain(c, policy);
+
+ c = nftnl_chain_list_iter_next(iter);
+ }
+
+ nftnl_chain_list_iter_destroy(iter);
+
+ return 1;
+}
+
 int nft_rule_save(struct nft_handle *h, const char *table, unsigned int format)
 {
 struct nftnl_rule_list *list;
-- 
cgit v1.2.3
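Review bot: `policy = policy_name[pol];` in nft_chain_save() indexes the two-entry table `policy_name[NF_ACCEPT+1]` with the value returned by `nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY)` and no range check, so a policy value above NF_ACCEPT in the chain data would read past the end of the array. The move carries this over unchanged; the kernel presumably reports only DROP or ACCEPT for base chains, but the lookup is cheap to guard with `if (pol <= NF_ACCEPT) policy = policy_name[pol];`, which leaves `policy` NULL otherwise, as it already is for non-builtin chains. Separately, nft_chain_list_get() ignores the result of `fetch_chain_cache(h)` and may still return a NULL `chain_cache`, which deserves a one-line comment such as `/* may return NULL if the cache could not be fetched */` above the final return so callers know to check.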