From db3a63237fe21de8a75eaaddf0cc577ce30a68fe Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Wed, 8 Jul 2020 15:18:48 +0200 Subject: nft: Turn nft_chain_save() into a foreach-callback Let nftnl_chain_list_foreach() do the chain list iterating instead of open-coding it. While being at it, simplify the policy value selection code as well. Signed-off-by: Phil Sutter --- iptables/nft.c | 47 ++++++++++++----------------------------------- iptables/nft.h | 2 +- iptables/xtables-save.c | 2 +- 3 files changed, 14 insertions(+), 37 deletions(-) (limited to 'iptables') diff --git a/iptables/nft.c b/iptables/nft.c index e3811f5f..c6cfecda 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1558,46 +1558,23 @@ static const char *policy_name[NF_ACCEPT+1] = { [NF_ACCEPT] = "ACCEPT", }; -int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list) +int nft_chain_save(struct nftnl_chain *c, void *data) { - struct nft_family_ops *ops = h->ops; - struct nftnl_chain_list_iter *iter; - struct nftnl_chain *c; - - iter = nftnl_chain_list_iter_create(list); - if (iter == NULL) - return 0; - - c = nftnl_chain_list_iter_next(iter); - while (c != NULL) { - const char *policy = NULL; - - if (nft_chain_builtin(c)) { - uint32_t pol = NF_ACCEPT; - - if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY)) - pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY); - policy = policy_name[pol]; - } else if (h->family == NFPROTO_BRIDGE) { - if (nftnl_chain_is_set(c, NFTNL_CHAIN_POLICY)) { - uint32_t pol; - - pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY); - policy = policy_name[pol]; - } else { - policy = "RETURN"; - } - } - - if (ops->save_chain) - ops->save_chain(c, policy); + struct nft_handle *h = data; + const char *policy = NULL; - c = nftnl_chain_list_iter_next(iter); + if (nftnl_chain_is_set(c, NFTNL_CHAIN_POLICY)) { + policy = policy_name[nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY)]; + } else if (nft_chain_builtin(c)) { + policy = "ACCEPT"; + } else if (h->family == NFPROTO_BRIDGE) { + policy = "RETURN"; } - nftnl_chain_list_iter_destroy(iter); + if (h->ops->save_chain) + h->ops->save_chain(c, policy); - return 1; + return 0; } static int nft_chain_save_rules(struct nft_handle *h, diff --git a/iptables/nft.h b/iptables/nft.h index bd944f44..fd390e7f 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -142,7 +142,7 @@ const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const c struct nftnl_chain; int nft_chain_set(struct nft_handle *h, const char *table, const char *chain, const char *policy, const struct xt_counters *counters); -int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list); +int nft_chain_save(struct nftnl_chain *c, void *data); int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table); int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table, bool verbose); int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table); diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index bb3d8cd3..92b0c911 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -92,7 +92,7 @@ __do_output(struct nft_handle *h, const char *tablename, void *data) printf("*%s\n", tablename); /* Dump out chain names first, * thereby preventing dependency conflicts */ - nft_chain_save(h, chain_list); + nftnl_chain_list_foreach(chain_list, nft_chain_save, h); nft_rule_save(h, tablename, d->format); if (d->commit) printf("COMMIT\n"); -- cgit v1.2.3