From 510fef3a3fe67feb3da2fb237784299c7f070d70 Mon Sep 17 00:00:00 2001

From: Phil Sutter <phil@nwl.cc>

Date: Thu, 20 Dec 2018 16:09:11 +0100

Subject: [PATCH] nft: Move nft_rule_list_get() above nft_chain_list_get()

Later when introducing per chain rule caches, nft_rule_list_get() will

be removed. But nftnl_rule_list_cb() which it uses will be reused to

update each chain's rule cache from inside nftnl_chain_list_get(), so

move both into position.

Signed-off-by: Phil Sutter <phil@nwl.cc>

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

(cherry picked from commit eb13831f1c41c0efa626ab85d4448fb8ce4c87a2)

Signed-off-by: Phil Sutter <psutter@redhat.com>

---

 iptables/nft.c | 110 ++++++++++++++++++++++++-------------------------

 1 file changed, 55 insertions(+), 55 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c

index b425577798679..1840561f2e531 100644

--- a/iptables/nft.c

+++ b/iptables/nft.c

@@ -1326,61 +1326,6 @@ retry:

 	return ret;

 }

-struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,

-					    const char *table)

-{

-	const struct builtin_table *t;

-

-	t = nft_table_builtin_find(h, table);

-	if (!t)

-		return NULL;

-

-	if (!h->table[t->type].chain_cache)

-		fetch_chain_cache(h);

-

-	return h->table[t->type].chain_cache;

-}

-

-static const char *policy_name[NF_ACCEPT+1] = {

-	[NF_DROP] = "DROP",

-	[NF_ACCEPT] = "ACCEPT",

-};

-

-int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list)

-{

-	struct nftnl_chain_list_iter *iter;

-	struct nft_family_ops *ops;

-	struct nftnl_chain *c;

-

-	ops = nft_family_ops_lookup(h->family);

-

-	iter = nftnl_chain_list_iter_create(list);

-	if (iter == NULL)

-		return 0;

-

-	c = nftnl_chain_list_iter_next(iter);

-	while (c != NULL) {

-		const char *policy = NULL;

-

-		if (nft_chain_builtin(c)) {

-			uint32_t pol = NF_ACCEPT;

-

-			if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))

-				pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);

-			policy = policy_name[pol];

-		}

-

-		if (ops->save_chain)

-			ops->save_chain(c, policy);

-

-		c = nftnl_chain_list_iter_next(iter);

-	}

-

-	nftnl_chain_list_iter_destroy(iter);

-

-	return 1;

-}

-

 static int nftnl_rule_list_cb(const struct nlmsghdr *nlh, void *data)

 {

 	struct nftnl_rule *r;

@@ -1437,6 +1382,61 @@ retry:

 	return list;

 }

+struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,

+					    const char *table)

+{

+	const struct builtin_table *t;

+

+	t = nft_table_builtin_find(h, table);

+	if (!t)

+		return NULL;

+

+	if (!h->table[t->type].chain_cache)

+		fetch_chain_cache(h);

+

+	return h->table[t->type].chain_cache;

+}

+

+static const char *policy_name[NF_ACCEPT+1] = {

+	[NF_DROP] = "DROP",

+	[NF_ACCEPT] = "ACCEPT",

+};

+

+int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list)

+{

+	struct nftnl_chain_list_iter *iter;

+	struct nft_family_ops *ops;

+	struct nftnl_chain *c;

+

+	ops = nft_family_ops_lookup(h->family);

+

+	iter = nftnl_chain_list_iter_create(list);

+	if (iter == NULL)

+		return 0;

+

+	c = nftnl_chain_list_iter_next(iter);

+	while (c != NULL) {

+		const char *policy = NULL;

+

+		if (nft_chain_builtin(c)) {

+			uint32_t pol = NF_ACCEPT;

+

+			if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))

+				pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);

+			policy = policy_name[pol];

+		}

+

+		if (ops->save_chain)

+			ops->save_chain(c, policy);

+

+		c = nftnl_chain_list_iter_next(iter);

+	}

+

+	nftnl_chain_list_iter_destroy(iter);

+

+	return 1;

+}

+

 int nft_rule_save(struct nft_handle *h, const char *table, unsigned int format)

 {

 	struct nftnl_rule_list *list;

-- 

2.20.1