author | Phil Sutter <phil@nwl.cc> | 2019-02-13 11:11:24 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-02-13 20:08:31 +0100 |
commit | c19fa5833a0bc0eb787799634bd26dea91fcdca1 (patch) | |
tree | e5c017586c4053207922100d75eb1348edd07db9 | |
parent | eed2c6af53ef69df493e8ace70e59096b2149917 (diff) |
xtables: Move new chain check to where it belongs
Instead of checking chain existence in xtables.c, do it in
nft_chain_user_add() and reuse predefined error message.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/nft.c | 5 | ||||
-rw-r--r-- | iptables/xtables.c | 3 |
2 files changed, 5 insertions, 3 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 60b0531f..c1b8ba3a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1726,6 +1726,11 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
 nft_xt_builtin_init(h, table);
+ if (nft_chain_exists(h, table, chain)) {
+ errno = EEXIST;
+ return 0;
+ }
+
 c = nftnl_chain_alloc();
 if (c == NULL)
 return 0;
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 1d777554..44986a37 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1069,9 +1069,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
 xtables_error(PARAMETER_PROBLEM,
 "Chain '%s' does not exist", cs->jumpto);
 }
- if (!p->xlate && p->command == CMD_NEW_CHAIN &&
- nft_chain_exists(h, p->table, p->chain))
- xtables_error(OTHER_PROBLEM, "Chain already exists");
 }
 int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table, |
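Review bot: The new early return in nft_chain_user_add() signals "chain already exists" only through `errno = EEXIST` paired with the function's generic failure value 0, and nothing in the hunk documents that contract. A short comment above the check, for example `/* refuse duplicates here so every caller gets the same EEXIST-based message */`, would make the reliance on errno explicit. The check now runs for every caller of nft_chain_user_add() rather than only for CMD_NEW_CHAIN in do_parse(), so callers outside this diff (restore paths, if any) should be confirmed to handle a 0 return with EEXIST. The removed xtables.c check was also gated on `!p->xlate`, which this one is not. The function body starts and ends outside the hunk.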