src: use nft_*_list_add_tail

Adapt it to the semantic fix that has been applied to libnftable
nft_*_list_add now inserts nodes, instead of appending them.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index b9820f12c3c79fd280faaa22f8135554fc798f0f..e6702ff4581d746d76eb746e7d6bdef16218568d 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1065,7 +1065,7 @@ static int nft_chain_list_cb(const struct nlmsghdr *nlh, void *data)
                goto out;
        }
 
-       nft_chain_list_add(c, list);
+       nft_chain_list_add_tail(c, list);
 
        return MNL_CB_OK;
 out:
@@ -1174,7 +1174,7 @@ static int nft_rule_list_cb(const struct nlmsghdr *nlh, void *data)
                goto out;
        }
 
-       nft_rule_list_add(r, list);
+       nft_rule_list_add_tail(r, list);
 
        return MNL_CB_OK;
 out:
@@ -1537,7 +1537,7 @@ static int nft_table_list_cb(const struct nlmsghdr *nlh, void *data)
                goto out;
        }
 
-       nft_table_list_add(t, list);
+       nft_table_list_add_tail(t, list);
 
        return MNL_CB_OK;
 out:

diff --git a/iptables/xtables-config-parser.y b/iptables/xtables-config-parser.y
index 1d78c43c23a77a6c32fd3d79dd0e9bd6aab13d5f..e7a8a07e649cd4e933a04abaf76d148dba3ef46e 100644 (file)
--- a/iptables/xtables-config-parser.y
+++ b/iptables/xtables-config-parser.y
@@ -210,6 +210,11 @@ int xtables_config_parse(char *filename, struct nft_table_list *table_list,
                        }
                        nft_table_attr_set_u32(table, NFT_TABLE_ATTR_FAMILY, family);
                        nft_table_attr_set(table, NFT_TABLE_ATTR_NAME, e->data);
+                       /* This is intentionally prepending, instead of
+                        * appending, since the elements in the stack are in
+                        * the reverse order that chains appear in the
+                        * configuration file.
+                        */
                        nft_table_list_add(table, table_list);
                        break;
                case T_PRIO:
@@ -226,6 +231,7 @@ int xtables_config_parse(char *filename, struct nft_table_list *table_list,
                        nft_table_attr_set_u32(table, NFT_CHAIN_ATTR_FAMILY, family);
                        nft_chain_attr_set_s32(chain, NFT_CHAIN_ATTR_PRIO, prio);
                        nft_chain_attr_set(chain, NFT_CHAIN_ATTR_NAME, e->data);
+                       /* Intentionally prepending, instead of appending */
                        nft_chain_list_add(chain, chain_list);
                        break;
                case T_HOOK: