nft: Reduce indenting level in flush_chain_cache()

Instead of doing all in one go, make two separate decisions:

1) If table has no chain cache, either continue or return depending on
   whether we're flushing for a specific table.

2) With chain cache present, flushing strategy once more depends on
   whether we're flushing for a specific table: If given, just remove
   all rules and return. If not, free the cache and set to NULL (so that
   it will be repopulated later), then continue the loop.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 13 insertions, 9 deletions

diff --git a/iptables/nft.c b/iptables/nft.c
index befd9f4d..997d7bc5 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle *h, const char *tablename)
 		if (tablename && strcmp(h->tables[i].name, tablename))
 			continue;
 
-		if (h->table[i].chain_cache) {
-			if (tablename) {
-				nftnl_chain_list_foreach(h->table[i].chain_cache,
-							 __flush_chain_cache, NULL);
-				break;
-			} else {
-				nftnl_chain_list_free(h->table[i].chain_cache);
-				h->table[i].chain_cache = NULL;
-			}
+		if (!h->table[i].chain_cache) {
+			if (tablename)
+				return;
+			continue;
 		}
+
+		if (tablename) {
+			nftnl_chain_list_foreach(h->table[i].chain_cache,
+						 __flush_chain_cache, NULL);
+			return;
+		}
+
+		nftnl_chain_list_free(h->table[i].chain_cache);
+		h->table[i].chain_cache = NULL;
 	}
 }