This is a respin of my original series after getting rid of a few initial ("fallout") patches. It implements structs nft_chain and nft_chain_list to avoid changes to libnftnl as requested. Obviously this introduces some code duplication as some bits from libnftnl have to be replicated within iptables now.

Changes since v2:
* Reworded patch 1 comment to clarify what it fixes.
* Reordered patches so that nft_chain_foreach() introduced in patch 3
  replaces nft_chain_list_get().
* Drop getters previously introduced along with struct nft_chain to
  reduce size of patch 5. Extracting data from embedded nftnl_chain into
  nft_chain and back if needed is future work.

Phil Sutter (9):
  nft: Fix selective chain compatibility checks
  nft: cache: Introduce nft_cache_add_chain()
  nft: Implement nft_chain_foreach()
  nft: cache: Move nft_chain_find() over
  nft: Introduce struct nft_chain
  nft: Introduce a dedicated base chain array
  nft: cache: Sort custom chains by name
  tests: shell: Drop any dump sorting in place
  nft: Avoid pointless table/chain creation

 iptables/Makefile.am | 2 +-
 iptables/nft-cache.c | 162 ++++++---
 iptables/nft-cache.h | 11 +-
 iptables/nft-chain.c | 59 ++++
 iptables/nft-chain.h | 29 ++
 iptables/nft.c | 322 +++++++++++-------
 iptables/nft.h | 10 +-
 .../ebtables/0002-ebtables-save-restore_0 | 2 +-
 .../firewalld-restore/0001-firewalld_0 | 17 +-
 .../ipt-restore/0007-flush-noflush_0 | 4 +-
 .../ipt-restore/0014-verbose-restore_0 | 2 +-
 iptables/xtables-save.c | 8 +-
 12 files changed, 421 insertions(+), 207 deletions(-)
 create mode 100644 iptables/nft-chain.c
 create mode 100644 iptables/nft-chain.h

--
2.28.0