From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 13/18] nft: Implement nft_chain_foreach()
Date: Sat, 11 Jul 2020 12:18:26 +0200	[thread overview]
Message-ID: <20200711101831.29506-14-phil@nwl.cc> (raw)
In-Reply-To: <20200711101831.29506-1-phil@nwl.cc>

This is just a fancy wrapper around nftnl_chain_list_foreach() for now.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-cache.c    | 16 +++-------
 iptables/nft.c          | 69 ++++++++++++++++-------------------------
 iptables/nft.h          |  3 ++
 iptables/xtables-save.c |  7 +----
 4 files changed, 36 insertions(+), 59 deletions(-)

diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c
index f8bb2d09c6434..b897dffb696c1 100644
--- a/iptables/nft-cache.c
+++ b/iptables/nft-cache.c
@@ -471,21 +471,16 @@ static int fetch_rule_cache(struct nft_handle *h,
 {
 	int i;
 
-	if (t) {
-		struct nftnl_chain_list *list =
-			h->cache->table[t->type].chains;
-
-		return nftnl_chain_list_foreach(list, nft_rule_list_update, h);
-	}
+	if (t)
+		return nft_chain_foreach(h, t->name, nft_rule_list_update, h);
 
 	for (i = 0; i < NFT_TABLE_MAX; i++) {
-		enum nft_table_type type = h->tables[i].type;
 
 		if (!h->tables[i].name)
 			continue;
 
-		if (nftnl_chain_list_foreach(h->cache->table[type].chains,
-					     nft_rule_list_update, h))
+		if (nft_chain_foreach(h, h->tables[i].name,
+				      nft_rule_list_update, h))
 			return -1;
 	}
 	return 0;
@@ -568,8 +563,7 @@ int flush_rule_cache(struct nft_handle *h, const char *table,
 	if (!t || !h->cache->table[t->type].chains)
 		return 0;
 
-	return nftnl_chain_list_foreach(h->cache->table[t->type].chains,
-					__flush_rule_cache, NULL);
+	return nft_chain_foreach(h, table, __flush_rule_cache, NULL);
 }
 
 static int __flush_chain_cache(struct nftnl_chain *c, void *data)
diff --git a/iptables/nft.c b/iptables/nft.c
index a5d026e6faa36..b2fa3abee6d4a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1608,14 +1608,9 @@ int nft_rule_save(struct nft_handle *h, const char *table, unsigned int format)
 		.h = h,
 		.format = format,
 	};
-	struct nftnl_chain_list *list;
 	int ret;
 
-	list = nft_chain_list_get(h, table, NULL);
-	if (!list)
-		return 0;
-
-	ret = nftnl_chain_list_foreach(list, nft_rule_save_cb, &d);
+	ret = nft_chain_foreach(h, table, nft_rule_save_cb, &d);
 
 	/* the core expects 1 for success and 0 for error */
 	return ret == 0 ? 1 : 0;
@@ -1687,7 +1682,6 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table,
 		.table = table,
 		.verbose = verbose,
 	};
-	struct nftnl_chain_list *list;
 	struct nftnl_chain *c = NULL;
 	int ret = 0;
 
@@ -1713,14 +1707,8 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table,
 		return 1;
 	}
 
-	list = nft_chain_list_get(h, table, chain);
-	if (list == NULL) {
-		ret = 1;
-		goto err;
-	}
+	ret = nft_chain_foreach(h, table, nft_rule_flush_cb, &d);
 
-	ret = nftnl_chain_list_foreach(list, nft_rule_flush_cb, &d);
-err:
 	/* the core expects 1 for success and 0 for error */
 	return ret == 0 ? 1 : 0;
 }
@@ -1843,18 +1831,13 @@ int nft_chain_user_del(struct nft_handle *h, const char *chain,
 		.handle = h,
 		.verbose = verbose,
 	};
-	struct nftnl_chain_list *list;
 	struct nftnl_chain *c;
 	int ret = 0;
 
 	nft_fn = nft_chain_user_del;
 
-	list = nft_chain_list_get(h, table, chain);
-	if (list == NULL)
-		return 0;
-
 	if (chain) {
-		c = nftnl_chain_list_lookup_byname(list, chain);
+		c = nft_chain_find(h, table, chain);
 		if (!c) {
 			errno = ENOENT;
 			return 0;
@@ -1866,7 +1849,7 @@ int nft_chain_user_del(struct nft_handle *h, const char *chain,
 		goto out;
 	}
 
-	ret = nftnl_chain_list_foreach(list, __nft_chain_user_del, &d);
+	ret = nft_chain_foreach(h, table, __nft_chain_user_del, &d);
 out:
 	/* the core expects 1 for success and 0 for error */
 	return ret == 0 ? 1 : 0;
@@ -2459,7 +2442,6 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
 		.rulenum = rulenum,
 		.cb = ops->print_rule,
 	};
-	struct nftnl_chain_list *list;
 	struct nftnl_chain *c;
 
 	nft_xt_builtin_init(h, table);
@@ -2479,14 +2461,10 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
 		return 1;
 	}
 
-	list = nft_chain_list_get(h, table, chain);
-	if (!list)
-		return 0;
-
 	if (ops->print_table_header)
 		ops->print_table_header(table);
 
-	nftnl_chain_list_foreach(list, nft_rule_list_cb, &d);
+	nft_chain_foreach(h, table, nft_rule_list_cb, &d);
 	return 1;
 }
 
@@ -2497,6 +2475,23 @@ list_save(struct nft_handle *h, struct nftnl_rule *r,
 	nft_rule_print_save(h, r, NFT_RULE_APPEND, format);
 }
 
+int nft_chain_foreach(struct nft_handle *h, const char *table,
+		      int (*cb)(struct nftnl_chain *c, void *data),
+		      void *data)
+{
+	const struct builtin_table *t;
+
+	t = nft_table_builtin_find(h, table);
+	if (!t)
+		return -1;
+
+	if (!h->cache->table[t->type].chains)
+		return -1;
+
+	return nftnl_chain_list_foreach(h->cache->table[t->type].chains,
+					cb, data);
+}
+
 static int nft_rule_list_chain_save(struct nftnl_chain *c, void *data)
 {
 	const char *chain_name = nftnl_chain_get_str(c, NFTNL_CHAIN_NAME);
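Review bot: nft_chain_foreach() returns -1 from both early exits (unknown table, no cached chain list), and libnftnl's iterator, as far as I know, also passes a negative callback result straight through, so a caller cannot tell a lookup miss from a callback failure. The loop in fetch_rule_cache() (nft-cache.c hunk) treats any non-zero result as fatal, so a named table without a chain list would now abort the whole rule-cache fetch; whether that state is reachable is not visible in this patch. Consider setting `errno = ENOENT;` before the two `return -1;` statements, as nft_chain_user_del() already does for a missing chain. A comment above the function would also help, e.g. `/* Returns -1 if the table or its chain cache is missing, else the result of nftnl_chain_list_foreach(). */`.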
@@ -2528,24 +2523,19 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
 		.save_fmt = true,
 		.cb = list_save,
 	};
-	struct nftnl_chain_list *list;
 	struct nftnl_chain *c;
 	int ret = 0;
 
 	nft_xt_builtin_init(h, table);
 	nft_assert_table_compatible(h, table, chain);
 
-	list = nft_chain_list_get(h, table, chain);
-	if (!list)
-		return 0;
-
 	if (counters < 0)
 		d.format = FMT_C_COUNTS;
 	else if (counters == 0)
 		d.format = FMT_NOCOUNTS;
 
 	if (chain) {
-		c = nftnl_chain_list_lookup_byname(list, chain);
+		c = nft_chain_find(h, table, chain);
 		if (!c)
 			return 0;
 
@@ -2556,10 +2546,10 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
 	}
 
 	/* Dump policies and custom chains first */
-	nftnl_chain_list_foreach(list, nft_rule_list_chain_save, &counters);
+	nft_chain_foreach(h, table, nft_rule_list_chain_save, &counters);
 
 	/* Now dump out rules in this table */
-	ret = nftnl_chain_list_foreach(list, nft_rule_list_cb, &d);
+	ret = nft_chain_foreach(h, table, nft_rule_list_cb, &d);
 	return ret == 0 ? 1 : 0;
 }
 
@@ -3421,7 +3411,6 @@ static int __nft_chain_zero_counters(struct nftnl_chain *c, void *data)
 int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
 			    const char *table, bool verbose)
 {
-	struct nftnl_chain_list *list;
 	struct chain_zero_data d = {
 		.handle = h,
 		.verbose = verbose,
@@ -3429,12 +3418,8 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
 	struct nftnl_chain *c;
 	int ret = 0;
 
-	list = nft_chain_list_get(h, table, chain);
-	if (list == NULL)
-		goto err;
-
 	if (chain) {
-		c = nftnl_chain_list_lookup_byname(list, chain);
+		c = nft_chain_find(h, table, chain);
 		if (!c) {
 			errno = ENOENT;
 			return 0;
@@ -3444,7 +3429,7 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
 		goto err;
 	}
 
-	ret = nftnl_chain_list_foreach(list, __nft_chain_zero_counters, &d);
+	ret = nft_chain_foreach(h, table, __nft_chain_zero_counters, &d);
 err:
 	/* the core expects 1 for success and 0 for error */
 	return ret == 0 ? 1 : 0;
diff --git a/iptables/nft.h b/iptables/nft.h
index 247255ac9e3c5..2fe58e7f06d3f 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -152,6 +152,9 @@ const struct builtin_chain *nft_chain_builtin_find(const struct builtin_table *t
 bool nft_chain_exists(struct nft_handle *h, const char *table, const char *chain);
 void nft_bridge_chain_postprocess(struct nft_handle *h,
 				  struct nftnl_chain *c);
+int nft_chain_foreach(struct nft_handle *h, const char *table,
+		      int (*cb)(struct nftnl_chain *c, void *data),
+		      void *data);
 
 
 /*
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 92b0c911c5f1c..bf00b0324cc4f 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -68,7 +68,6 @@ struct do_output_data {
 static int
 __do_output(struct nft_handle *h, const char *tablename, void *data)
 {
-	struct nftnl_chain_list *chain_list;
 	struct do_output_data *d = data;
 	time_t now;
 
@@ -81,10 +80,6 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
 		return 0;
 	}
 
-	chain_list = nft_chain_list_get(h, tablename, NULL);
-	if (!chain_list)
-		return 0;
-
 	now = time(NULL);
 	printf("# Generated by %s v%s on %s", prog_name,
 	       prog_vers, ctime(&now));
@@ -92,7 +87,7 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
 	printf("*%s\n", tablename);
 	/* Dump out chain names first,
 	 * thereby preventing dependency conflicts */
-	nftnl_chain_list_foreach(chain_list, nft_chain_save, h);
+	nft_chain_foreach(h, tablename, nft_chain_save, h);
 	nft_rule_save(h, tablename, d->format);
 	if (d->commit)
 		printf("COMMIT\n");
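Review bot: The result of `nft_chain_foreach(h, tablename, nft_chain_save, h);` is discarded, and the removed `if (!chain_list) return 0;` used to stop before anything was printed. If the helper's lookup fails, __do_output() now still prints the `# Generated by` line, `*tablename` and, with d->commit set, `COMMIT`. That is a well-formed but empty table section, which a later restore of the dump would take as the saved ruleset for that table. The function starts outside this hunk, so the earlier check that ends in `return 0;` may already rule this out; if it does not, keep a guard ahead of the header output or check the helper's return and skip `COMMIT` on failure. nft_rule_list() in nft.c shows the same pattern: its `return 0` for a missing list is gone and the new call's result is ignored before `return 1`.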
-- 
2.27.0



Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-07-11 10:18 [iptables PATCH 00/18] nft: Sorted chain listing et al Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 01/18] nft: Make table creation purely implicit Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 02/18] nft: Be lazy when flushing Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 03/18] nft: cache: Drop duplicate chain check Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 04/18] nft: Drop pointless nft_xt_builtin_init() call Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 05/18] nft: Turn nft_chain_save() into a foreach-callback Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 06/18] nft: Use nft_chain_find() in two more places Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 07/18] nft: Reorder enum nft_table_type Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 08/18] nft: cache: Fetch only interesting tables from kernel Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 09/18] nft: Use nftnl_chain_list_foreach in nft_rule_list{,_save} Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 10/18] nft: Use nftnl_chain_list_foreach in nft_rule_flush Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 11/18] nft: Use nftnl_chain_foreach in nft_rule_save Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 12/18] nft: Fold nftnl_rule_list_chain_save() into caller Phil Sutter
2020-07-11 10:18 ` Phil Sutter [this message]
2020-07-11 10:18 ` [iptables PATCH 14/18] nft: cache: Introduce nft_cache_add_chain() Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 15/18] nft: Introduce a dedicated base chain array Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 16/18] nft: cache: Sort custom chains by name Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 17/18] tests: shell: Drop any dump sorting in place Phil Sutter
2020-07-11 10:18 ` [iptables PATCH 18/18] nft: Avoid pointless table/chain creation Phil Sutter
2020-07-23 12:22 ` [iptables PATCH 00/18] nft: Sorted chain listing et al Pablo Neira Ayuso
2020-07-25 11:55   ` Phil Sutter
2020-07-27 10:20     ` Pablo Neira Ayuso
2020-07-27 10:55       ` Phil Sutter
