diff options
author | Jan Palus <atler@pld-linux.org> | 2020-12-28 10:59:42 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2023-08-05 01:30:05 +0200 |
commit | d5c869add2501aa722682c825b7b9ee247d22ec8 (patch) | |
tree | 38d75e614b8e8d86a02e9896c5e872fa449e20f6 /iptables/nft.c | |
parent | 952186aa0342f6bf3c4614a609525338d057d8d9 (diff) |
nft: move processing logic out of asserts
[Phil: Introduce assert_nft_restart() to keep things clean, also add
fallback returns to nft_action() and nft_prepare(), sanitizing
things at least a bit.]
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1487
Signed-off-by: Jan Palus <atler@pld-linux.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index b702c65a..326dc20b 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -109,7 +109,9 @@ static struct nftnl_batch *mnl_batch_init(void) static void mnl_nft_batch_continue(struct nftnl_batch *batch) { - assert(nftnl_batch_update(batch) >= 0); + int ret = nftnl_batch_update(batch); + + assert(ret >= 0); } static uint32_t mnl_batch_begin(struct nftnl_batch *batch, uint32_t genid, uint32_t seqnum) @@ -3227,6 +3229,7 @@ retry: case NFT_COMPAT_RULE_ZERO: case NFT_COMPAT_BRIDGE_USER_CHAIN_UPDATE: assert(0); + return 0; } mnl_nft_batch_continue(h->batch); @@ -3504,7 +3507,7 @@ static int nft_prepare(struct nft_handle *h) case NFT_COMPAT_TABLE_ADD: case NFT_COMPAT_CHAIN_ADD: assert(0); - break; + return 0; } nft_cmd_free(cmd); |