@@ -165,6 +165,13 @@ static int fetch_table_cache(struct nft_handle *h)
return 1;
}
+int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
+ struct nftnl_chain *c)
+{
+ nftnl_chain_list_add_tail(c, h->cache->table[t->type].chains);
+ return 0;
+}
+
struct nftnl_chain_list_cb_data {
struct nft_handle *h;
const struct builtin_table *t;
@@ -174,7 +181,6 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
{
struct nftnl_chain_list_cb_data *d = data;
const struct builtin_table *t = d->t;
- struct nftnl_chain_list *list;
struct nft_handle *h = d->h;
struct nftnl_chain *c;
const char *tname;
@@ -196,8 +202,8 @@ static int nftnl_chain_list_cb(const struct nlmsghdr *nlh, void *data)
goto out;
}
- list = h->cache->table[t->type].chains;
- nftnl_chain_list_add_tail(c, list);
+ if (nft_cache_add_chain(h, t, c))
+ goto out;
return MNL_CB_OK;
out:
@@ -3,6 +3,7 @@
struct nft_handle;
struct nft_cmd;
+struct builtin_table;
void nft_cache_level_set(struct nft_handle *h, int level,
const struct nft_cmd *cmd);
@@ -12,6 +13,8 @@ void flush_chain_cache(struct nft_handle *h, const char *tablename);
int flush_rule_cache(struct nft_handle *h, const char *table,
struct nftnl_chain *c);
void nft_cache_build(struct nft_handle *h);
+int nft_cache_add_chain(struct nft_handle *h, const struct builtin_table *t,
+ struct nftnl_chain *c);
struct nftnl_chain_list *
nft_chain_list_get(struct nft_handle *h, const char *table, const char *chain);
@@ -697,7 +697,7 @@ static void nft_chain_builtin_add(struct nft_handle *h,
return;
batch_chain_add(h, NFT_COMPAT_CHAIN_ADD, c);
- nftnl_chain_list_add_tail(c, h->cache->table[table->type].chains);
+ nft_cache_add_chain(h, table, c);
}
/* find if built-in table already exists */
@@ -1712,7 +1712,7 @@ err:
int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *table)
{
- struct nftnl_chain_list *list;
+ const struct builtin_table *t;
struct nftnl_chain *c;
nft_fn = nft_chain_user_add;
@@ -1736,9 +1736,8 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
if (!batch_chain_add(h, NFT_COMPAT_CHAIN_USER_ADD, c))
return 0;
- list = nft_chain_list_get(h, table, chain);
- if (list)
- nftnl_chain_list_add(c, list);
+ t = nft_table_builtin_find(h, table);
+ nft_cache_add_chain(h, t, c);
/* the core expects 1 for success and 0 for error */
return 1;
@@ -1746,7 +1745,7 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table)
{
- struct nftnl_chain_list *list;
+ const struct builtin_table *t;
struct obj_update *obj;
struct nftnl_chain *c;
bool created = false;
@@ -1763,9 +1762,8 @@ int nft_chain_restore(struct nft_handle *h, const char *chain, const char *table
nftnl_chain_set_str(c, NFTNL_CHAIN_NAME, chain);
created = true;
- list = nft_chain_list_get(h, table, chain);
- if (list)
- nftnl_chain_list_add(c, list);
+ t = nft_table_builtin_find(h, table);
+ nft_cache_add_chain(h, t, c);
} else {
/* If the chain should vanish meanwhile, kernel genid changes
* and the transaction is refreshed enabling the chain add
This is a convenience function for adding a chain to cache, for now just a simple wrapper around nftnl_chain_list_add_tail(). Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables/nft-cache.c | 12 +++++++++--- iptables/nft-cache.h | 3 +++ iptables/nft.c | 16 +++++++--------- 3 files changed, 19 insertions(+), 12 deletions(-)