On Fri, Nov 23, 2018 at 01:35:17PM +0100, Pablo Neira Ayuso wrote: > On Fri, Nov 23, 2018 at 12:25:45PM +0100, Florian Westphal wrote: > > Phil Sutter <phil@xxxxxx> wrote: > > > > If user doesn't want it cleared at nftnl_chain_free() time they can > > > > always allocate a new nftnl_rule_list and splice to that list. > > > > > > Good point. What do you think about the simple approach of introducing: > > > > > > | struct nftnl_rule_list *nftnl_chain_get_rule_list(const struct nftnl_chain *); > > > > Looks fine to me. > > > > > This would allow to reuse nftnl_rule_list routines from libnftnl/rule.h. > > > One potential problem I see is that users may try to call > > > nftnl_rule_list_free(). Can we prevent that somehow? > > > > Document that nftnl_rule_list_free() pairs with nftnl_rule_list_alloc() :-) > > > > I don't think its an issue. > > We could add a 'bool make_free_no_op' to nftnl_rule_list and set that to > > true for nftnl_rule_list structures that are allocated indirectly on > > behalf of nftnl_chain struct, but I think thats taking things too far. > > Can we have an interface similar to nftnl_rule_add_expr() to add rules > to chains? > > So we add list field to nftnl_chain, and this new interface to > add/delete rules. We can add an internal hashtable, that allows lookup by handle. Also add iterators à la nftnl_expr_foreach() too.
