From patchwork Tue Jul 16 12:38:50 2013
X-Patchwork-Submitter: Tomasz Bursztyka
X-Patchwork-Id: 259402
From: Tomasz Bursztyka To: netfilter-devel@vger.kernel.org Cc: Tomasz Bursztyka Subject: [iptables-nftables - PATCH 6/9] nft: Print chains in right order when listing rules Date: Tue, 16 Jul 2013 15:38:50 +0300 Message-Id: <1373978333-17427-7-git-send-email-tomasz.bursztyka@linux.intel.com> X-Mailer: git-send-email 1.8.2.1 In-Reply-To: <1373978333-17427-1-git-send-email-tomasz.bursztyka@linux.intel.com> References: <1373978333-17427-1-git-send-email-tomasz.bursztyka@linux.intel.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Fixes an output bug, it was: Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination where it should be: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Signed-off-by: Tomasz Bursztyka --- iptables/nft.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 230c4f7..2f03f63 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2464,10 +2464,12 @@ static void __nft_chain_rule_list(struct nft_handle *h, struct nft_chain *c, int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, int rulenum, unsigned int format) { + const struct builtin_table *t; struct nft_chain_list *list; struct nft_chain_list_iter *iter; struct nft_chain *c; bool round = false; + int i; /* If built-in chains don't exist for this table, create them */ if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0) 
@@ -2482,6 +2484,22 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, goto out; }; + /* Let's print out builtin chains first, in right order */ + t = nft_table_builtin_find(table); + if (t == NULL) + goto out; + + for (i = 0; i < NF_IP_NUMHOOKS && t->chains[i].name != NULL; i++) { + if (round) + printf("\n"); + + c = nft_chain_list_find(list, table, t->chains[i].name); + if (c != NULL) { + __nft_chain_rule_list(h, c, table, rulenum, format); + round = true; + } + } + iter = nft_chain_list_iter_create(list); if (iter == NULL) goto out; @@ -2494,12 +2512,12 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, if (strcmp(table, chain_table) != 0) goto next; - if (round) - printf("\n"); + /* we skip already listed builtin chains */ + if (nft_chain_builtin(c)) + goto next; + printf("\n"); __nft_chain_rule_list(h, c, table, rulenum, format); - - round = true; next: c = nft_chain_list_iter_next(iter); }
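Review bot: In the hunk at @@ -2482,6 +2484,22 @@, the `if (round) printf("\n");` separator runs before `nft_chain_list_find()` and outside the `c != NULL` check, so once one builtin chain has been printed, every later builtin name that is missing from the list still emits a blank line with no chain after it. Move the separator into the `if (c != NULL)` branch, directly before `__nft_chain_rule_list(h, c, table, rulenum, format);`. Separately, `goto out` on `t == NULL` skips the iterator loop entirely, so a table without a builtin definition lists nothing, user-defined chains included; falling through to the iterator loop looks safer. The new loop also never consults the `chain` argument, which should be checked against the single-chain listing case.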
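Review bot: In the hunk at @@ -2494,12 +2512,12 @@, `printf("\n");` is now unconditional and `round = true;` is dropped, so when the builtin loop printed nothing (`round` still false) the first user-defined chain is preceded by a stray blank line. Keep the `if (round) printf("\n");` guard and the `round = true;` assignment after `__nft_chain_rule_list(...)` so both loops share the same separator logic. The `nft_chain_builtin(c)` skip also assumes every builtin chain was already printed by the first loop, which stops at `NF_IP_NUMHOOKS` or the first NULL name; a short comment stating that invariant would help.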