nft: Move nft_rule_list_get() above nft_chain_list_get()
authorPhil Sutter <phil@nwl.cc>
Thu, 20 Dec 2018 15:09:11 +0000 (16:09 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 27 Dec 2018 18:52:08 +0000 (19:52 +0100)
Later when introducing per chain rule caches, nft_rule_list_get() will
be removed. But nftnl_rule_list_cb() which it uses will be reused to
update each chain's rule cache from inside nftnl_chain_list_get(), so
move both into position.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/nft.c

index b425577798679015e0704ab27ba903e38ed38fb8..1840561f2e5317c754e6e27709f9ecf263fc6382 100644 (file)
@@ -1326,61 +1326,6 @@ retry:
        return ret;
 }
 
-struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
-                                           const char *table)
-{
-       const struct builtin_table *t;
-
-       t = nft_table_builtin_find(h, table);
-       if (!t)
-               return NULL;
-
-       if (!h->table[t->type].chain_cache)
-               fetch_chain_cache(h);
-
-       return h->table[t->type].chain_cache;
-}
-
-static const char *policy_name[NF_ACCEPT+1] = {
-       [NF_DROP] = "DROP",
-       [NF_ACCEPT] = "ACCEPT",
-};
-
-int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list)
-{
-       struct nftnl_chain_list_iter *iter;
-       struct nft_family_ops *ops;
-       struct nftnl_chain *c;
-
-       ops = nft_family_ops_lookup(h->family);
-
-       iter = nftnl_chain_list_iter_create(list);
-       if (iter == NULL)
-               return 0;
-
-       c = nftnl_chain_list_iter_next(iter);
-       while (c != NULL) {
-               const char *policy = NULL;
-
-               if (nft_chain_builtin(c)) {
-                       uint32_t pol = NF_ACCEPT;
-
-                       if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
-                               pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
-                       policy = policy_name[pol];
-               }
-
-               if (ops->save_chain)
-                       ops->save_chain(c, policy);
-
-               c = nftnl_chain_list_iter_next(iter);
-       }
-
-       nftnl_chain_list_iter_destroy(iter);
-
-       return 1;
-}
-
 static int nftnl_rule_list_cb(const struct nlmsghdr *nlh, void *data)
 {
        struct nftnl_rule *r;
@@ -1437,6 +1382,61 @@ retry:
        return list;
 }
 
+struct nftnl_chain_list *nft_chain_list_get(struct nft_handle *h,
+                                           const char *table)
+{
+       const struct builtin_table *t;
+
+       t = nft_table_builtin_find(h, table);
+       if (!t)
+               return NULL;
+
+       if (!h->table[t->type].chain_cache)
+               fetch_chain_cache(h);
+
+       return h->table[t->type].chain_cache;
+}
+
+static const char *policy_name[NF_ACCEPT+1] = {
+       [NF_DROP] = "DROP",
+       [NF_ACCEPT] = "ACCEPT",
+};
+
+int nft_chain_save(struct nft_handle *h, struct nftnl_chain_list *list)
+{
+       struct nftnl_chain_list_iter *iter;
+       struct nft_family_ops *ops;
+       struct nftnl_chain *c;
+
+       ops = nft_family_ops_lookup(h->family);
+
+       iter = nftnl_chain_list_iter_create(list);
+       if (iter == NULL)
+               return 0;
+
+       c = nftnl_chain_list_iter_next(iter);
+       while (c != NULL) {
+               const char *policy = NULL;
+
+               if (nft_chain_builtin(c)) {
+                       uint32_t pol = NF_ACCEPT;
+
+                       if (nftnl_chain_get(c, NFTNL_CHAIN_POLICY))
+                               pol = nftnl_chain_get_u32(c, NFTNL_CHAIN_POLICY);
+                       policy = policy_name[pol];
+               }
+
+               if (ops->save_chain)
+                       ops->save_chain(c, policy);
+
+               c = nftnl_chain_list_iter_next(iter);
+       }
+
+       nftnl_chain_list_iter_destroy(iter);
+
+       return 1;
+}
+
 int nft_rule_save(struct nft_handle *h, const char *table, unsigned int format)
 {
        struct nftnl_rule_list *list;
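Review bot: In the re-added nft_chain_save(), `policy = policy_name[pol];` indexes a table of only `NF_ACCEPT+1` entries with a value read from the chain's NFTNL_CHAIN_POLICY attribute, and nothing in between checks its range. The line is moved verbatim, so the gap predates this commit, but any policy value other than NF_DROP or NF_ACCEPT arriving in the netlink dump would read past the end of the array and hand a stray pointer to `ops->save_chain()`. A one-line guard closes this: `if (pol <= NF_ACCEPT) policy = policy_name[pol];`. That leaves `policy` NULL otherwise, which is the value the callback already receives for non-builtin chains. The kernel presumably restricts base-chain policy to those two verdicts, but the check is cheap and keeps the save path from depending on that.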