xtables: Move new chain check to where it belongs

Instead of checking chain existence in xtables.c, do it in nft_chain_user_add() and reuse predefined error message. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2019-02-13 11:11:24 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-02-13 20:08:31 +0100
commit: c19fa5833a0bc0eb787799634bd26dea91fcdca1 (patch)
tree: e5c017586c4053207922100d75eb1348edd07db9 /iptables/nft.c
parent: eed2c6af53ef69df493e8ace70e59096b2149917 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 60b0531f..c1b8ba3a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1726,6 +1726,11 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 	if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
 		nft_xt_builtin_init(h, table);
 
+	if (nft_chain_exists(h, table, chain)) {
+		errno = EEXIST;
+		return 0;
+	}
+
 	c = nftnl_chain_alloc();
 	if (c == NULL)
 		return 0;
author	Phil Sutter <phil@nwl.cc>	2019-02-13 11:11:24 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-02-13 20:08:31 +0100
commit	c19fa5833a0bc0eb787799634bd26dea91fcdca1 (patch)
tree	e5c017586c4053207922100d75eb1348edd07db9 /iptables/nft.c
parent	eed2c6af53ef69df493e8ace70e59096b2149917 (diff)