diff options
| author | Phil Sutter <phil@nwl.cc> | 2020-04-24 15:25:26 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2020-05-11 14:28:28 +0200 |
| commit | 0c3aded0b6d587b962be66b54bdc050d3b3cfdcb (patch) | |
| tree | 63d6defff5c7b6406e98552e51602f0efac01901 | |
| parent | 1fd8d5f2e1577496f5431099589bd638ef5d5997 (diff) | |
ebtables-restore: Drop custom table flush routine
At least since flushing xtables-restore doesn't fetch chains from kernel
anymore, problems with pending policy rule delete jobs can't happen
anymore.
Signed-off-by: Phil Sutter <phil@nwl.cc>
| -rw-r--r-- | iptables/nft.c | 21 | ||||
| -rw-r--r-- | iptables/nft.h | 1 | ||||
| -rw-r--r-- | iptables/xtables-restore.c | 9 |
3 files changed, 1 insertions, 30 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index cf3ab9fe..468c703a 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2985,27 +2985,6 @@ int nft_abort(struct nft_handle *h) return nft_action(h, NFT_COMPAT_ABORT); } -int nft_abort_policy_rule(struct nft_handle *h, const char *table) -{ - struct obj_update *n, *tmp; - - list_for_each_entry_safe(n, tmp, &h->obj_list, head) { - if (n->type != NFT_COMPAT_RULE_APPEND && - n->type != NFT_COMPAT_RULE_DELETE) - continue; - - if (strcmp(table, - nftnl_rule_get_str(n->rule, NFTNL_RULE_TABLE))) - continue; - - if (!nft_rule_is_policy_rule(n->rule)) - continue; - - batch_obj_del(h, n); - } - return 0; -} - int nft_compatible_revision(const char *name, uint8_t rev, int opt) { struct mnl_socket *nl; diff --git a/iptables/nft.h b/iptables/nft.h index 2094b014..ebb4044d 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -160,7 +160,6 @@ uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag); int nft_commit(struct nft_handle *h); int nft_bridge_commit(struct nft_handle *h); int nft_abort(struct nft_handle *h); -int nft_abort_policy_rule(struct nft_handle *h, const char *table); /* * revision compatibility. diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 8c25e5b2..bef0dd22 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -486,17 +486,10 @@ int xtables_ip6_restore_main(int argc, char *argv[]) argc, argv); } -static int ebt_table_flush(struct nft_handle *h, const char *table) -{ - /* drop any pending policy rule add/removal jobs */ - nft_abort_policy_rule(h, table); - return nft_table_flush(h, table); -} - static const struct nft_xt_restore_cb ebt_restore_cb = { .commit = nft_bridge_commit, .table_new = nft_table_new, - .table_flush = ebt_table_flush, + .table_flush = nft_table_flush, .do_command = do_commandeb, .chain_set = nft_chain_set, .chain_restore = nft_chain_restore, |