authorPhil Sutter <phil@nwl.cc>2020-07-10 20:08:35 +0200
committerPhil Sutter <phil@nwl.cc>2020-07-24 19:15:49 +0200
commit0b7c22e00622db468846f11809ca0cecc6c7cd97 (patch)
treeed361a57baa34093872d4bf90c588b4187a11fdd /iptables/nft.h
parent26ec09bf6b9b674a7e3a65fc9c12599bd81dfe0f (diff)
nft: Make table creation purely implicit
While asserting a required builtin chain exists, its table is created implicitly if missing. Exploit this from xtables-restore, too: The only actions which need adjustment are chain_new and chain_restore, i.e. when restoring (either builtin or custom) chains. Note: The call to nft_table_builtin_add() wasn't sufficient as it doesn't set the table as initialized and therefore a following call to nft_xt_builtin_init() would override non-default base chain policies. Note2: The 'table_new' callback in 'nft_xt_restore_cb' is left in place as xtables-translate uses it to print an explicit 'add table' command. Note3: nft_table_new() function was already unused since a7f1e208cdf9c ("nft: split parsing from netlink commands"). Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.h')
-rw-r--r--iptables/nft.h2
1 files changed, 0 insertions, 2 deletions
diff --git a/iptables/nft.h b/iptables/nft.h
index bd783231..bd944f44 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -68,7 +68,6 @@ enum obj_update_type {
NFT_COMPAT_RULE_SAVE,
NFT_COMPAT_RULE_ZERO,
NFT_COMPAT_BRIDGE_USER_CHAIN_UPDATE,
- NFT_COMPAT_TABLE_NEW,
};
struct cache_chain {
@@ -135,7 +134,6 @@ int nft_for_each_table(struct nft_handle *h, int (*func)(struct nft_handle *h, c
bool nft_table_find(struct nft_handle *h, const char *tablename);
int nft_table_purge_chains(struct nft_handle *h, const char *table, struct nftnl_chain_list *list);
int nft_table_flush(struct nft_handle *h, const char *table);
-void nft_table_new(struct nft_handle *h, const char *table);
const struct builtin_table *nft_table_builtin_find(struct nft_handle *h, const char *table);
/*