nft: Fix for -Z with bogus rule number

The command is supposed to fail if no rule at given index is found.
While at it, drop the goto and label which are unused since commit
9b896224e0bfc ("xtables: rework rule cache logic").

Fixes: a69cc575295ee ("xtables: allow to reset the counters of an existing rule")
Signed-off-by: Phil Sutter <phil@nwl.cc>

1 files changed, 2 insertions, 7 deletions

diff --git a/iptables/nft.c b/iptables/nft.c
index 88be5ede..21a7e211 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2978,7 +2978,6 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 		.command = NFT_COMPAT_RULE_APPEND,
 	};
 	struct nft_chain *c;
-	int ret = 0;
 
 	nft_fn = nft_rule_delete;
 
@@ -2991,8 +2990,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 	r = nft_rule_find(h, c, NULL, rulenum);
 	if (r == NULL) {
 		errno = ENOENT;
-		ret = 1;
-		goto error;
+		return 0;
 	}
 
 	if (h->ops->init_cs)
@@ -3005,10 +3003,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 	if (!new_rule)
 		return 1;
 
-	ret = nft_rule_append(h, chain, table, new_rule, r, false);
-
-error:
-	return ret;
+	return nft_rule_append(h, chain, table, new_rule, r, false);
 }
 
 static void nft_table_print_debug(struct nft_handle *h,