nft: add function to test for a builtin chain
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/iptables/nft.c b/iptables/nft.c
index 87db9be..cb46b7a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -381,6 +381,14 @@
return ret;
}
+static bool nft_chain_builtin(struct nft_chain *c)
+{
+ /* Check if this chain has hook number, in that case is built-in.
+ * Should we better export the flags to user-space via nf_tables?
+ */
+ return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
+}
+
int nft_init(struct nft_handle *h)
{
h->nl = mnl_socket_open(NETLINK_NETFILTER);
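Review bot: `nft_chain_builtin()` at the top of this hunk only tests that `NFT_CHAIN_ATTR_HOOKNUM` is set, which identifies a base chain (one attached to a hook) rather than specifically a chain that iptables itself created. If base chains created by other nf_tables users can appear in the same table, which is not visible here, the callers at the `basechain =` assignment and in the `-P` printing hunk would treat them as built-in too. I would state that assumption in the comment, e.g. `/* Any chain with a hook number is a base chain; we treat all of them as built-in. */`, or name the helper after what it actually checks.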
@@ -1138,9 +1146,7 @@
if (strcmp(table, chain_table) != 0)
goto next;
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM))
- basechain = true;
-
+ basechain = nft_chain_builtin(c);
nft_chain_print_save(c, basechain);
next:
c = nft_chain_list_iter_next(iter);
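Review bot: The `basechain = nft_chain_builtin(c);` assignment is not a pure refactor, because the removed lines only ever set `basechain` to true. Unless it is reset elsewhere in the loop (its declaration is outside this hunk), a user chain visited after a base chain would previously have inherited the stale value. The new behaviour looks correct, but the commit message should mention the change. With the helper available the temporary can also be dropped: `nft_chain_print_save(c, nft_chain_builtin(c));`.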
@@ -1368,14 +1374,6 @@
return ret;
}
-static bool nft_chain_builtin(struct nft_chain *c)
-{
- /* Check if this chain has hook number, in that case is built-in.
- * Should we better export the flags to user-space via nf_tables?
- */
- return nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM) != NULL;
-}
-
int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table)
{
struct nft_chain_list *list;
@@ -2547,7 +2545,7 @@
goto next;
/* this is a base chain */
- if (nft_chain_attr_get(c, NFT_CHAIN_ATTR_HOOKNUM)) {
+ if (nft_chain_builtin(c)) {
printf("-P %s %s", chain_name, policy_name[policy]);
if (counters) {