Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft-shared.h | 2 | ||||
-rw-r--r-- | iptables/xtables-restore.c | 68 |
2 files changed, 19 insertions, 51 deletions
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h index 388abb97..019c1f20 100644 --- a/iptables/nft-shared.h +++ b/iptables/nft-shared.h @@ -245,8 +245,6 @@ struct nft_xt_restore_cb { void (*table_new)(struct nft_handle *h, const char *table); struct nftnl_chain_list *(*chain_list)(struct nft_handle *h, const char *table); - void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable, - const char *chain); int (*chain_user_flush)(struct nft_handle *h, struct nftnl_chain_list *clist, const char *table, const char *chain); diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c index 642876d6..4e00ed86 100644 --- a/iptables/xtables-restore.c +++ b/iptables/xtables-restore.c @@ -68,21 +68,6 @@ static struct nftnl_chain_list *get_chain_list(struct nft_handle *h, return chain_list; } -static void chain_delete(struct nftnl_chain_list *clist, const char *curtable, - const char *chain) -{ - struct nftnl_chain *chain_obj; - - chain_obj = nft_chain_list_find(clist, chain); - /* This chain has been found, delete from list. Later - * on, unvisited chains will be purged out. - */ - if (chain_obj != NULL) { - nftnl_chain_list_del(chain_obj); - nftnl_chain_free(chain_obj); - } -} - struct nft_xt_restore_cb restore_cb = { .chain_list = get_chain_list, .commit = nft_commit, @@ -90,7 +75,6 @@ struct nft_xt_restore_cb restore_cb = { .table_new = nft_table_new, .table_flush = nft_table_flush, .chain_user_flush = nft_chain_user_flush, - .chain_del = chain_delete, .do_command = do_commandx, .chain_set = nft_chain_set, .chain_user_add = nft_chain_user_add, @@ -183,7 +167,6 @@ void xtables_restore_parse(struct nft_handle *h, /* New chain. */ char *policy, *chain = NULL; struct xt_counters count = {}; - bool chain_exists = false; chain = strtok(buffer+1, " \t\n"); DEBUGP("line %u, chain '%s'\n", line, chain); 
@@ -194,21 +177,6 @@ void xtables_restore_parse(struct nft_handle *h, exit(1); } - if (noflush == 0) { - if (cb->chain_del) - cb->chain_del(chain_list, curtable->name, - chain); - } else if (nft_chain_list_find(chain_list, chain)) { - chain_exists = true; - /* Apparently -n still flushes existing user - * defined chains that are redefined. Otherwise, - * leave them as is. - */ - if (cb->chain_user_flush) - cb->chain_user_flush(h, chain_list, - curtable->name, chain); - } - if (strlen(chain) >= XT_EXTENSION_MAXNAMELEN) xtables_error(PARAMETER_PROBLEM, "Invalid chain name `%s' " @@ -246,24 +214,28 @@ void xtables_restore_parse(struct nft_handle *h, } DEBUGP("Setting policy of chain %s to %s\n", chain, policy); - ret = 1; - } else { - if (!chain_exists && - cb->chain_user_add && - cb->chain_user_add(h, chain, - curtable->name) < 0) { - if (errno == EEXIST) - continue; + } else if (noflush && + nftnl_chain_list_lookup_byname(chain_list, chain)) { + /* Apparently -n still flushes existing user + * defined chains that are redefined. Otherwise, + * leave them as is. + */ + if (cb->chain_user_flush) + cb->chain_user_flush(h, chain_list, + curtable->name, chain); + } else if (cb->chain_user_add && + cb->chain_user_add(h, chain, + curtable->name) < 0) { + if (errno == EEXIST) + continue; - xtables_error(PARAMETER_PROBLEM, - "cannot create chain " - "'%s' (%s)\n", chain, - strerror(errno)); - } - continue; + xtables_error(PARAMETER_PROBLEM, + "cannot create chain " + "'%s' (%s)\n", chain, + strerror(errno)); } - + ret = 1; } else if (in_table) { int a; char *pcnt = NULL; @@ -496,7 +468,6 @@ struct nft_xt_restore_cb ebt_restore_cb = { .table_new = nft_table_new, .table_flush = nft_table_flush, .chain_user_flush = nft_chain_user_flush, - .chain_del = chain_delete, .do_command = do_commandeb, .chain_set = nft_chain_set, .chain_user_add = nft_chain_user_add, 
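Review bot: In the `-246,24 +214,28` hunk, the new `else if (noflush && nftnl_chain_list_lookup_byname(chain_list, chain))` branch calls `cb->chain_user_flush(h, chain_list, curtable->name, chain)` and discards the result, although nft-shared.h declares that callback as returning `int`. Control then reaches the relocated `ret = 1;`, so a flush that fails is still recorded as a successfully handled line, and a chain redefined under `-n` would presumably keep its old rules alongside the restored ones. The add branch just below already checks `cb->chain_user_add(...) < 0` and reports through `xtables_error(PARAMETER_PROBLEM, ...)`; the flush call should get an equivalent check. The callback's failure convention is not visible here, so confirm it against `nft_chain_user_flush` before choosing the comparison. A short comment at `ret = 1;` would also help, e.g. `/* every chain line that did not 'continue' above counts as handled */`, since the user-chain path no longer ends in `continue`. xtables_restore_parse starts and ends outside the hunk.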
@@ -542,7 +513,6 @@ struct nft_xt_restore_cb arp_restore_cb = { .table_new = nft_table_new, .table_flush = nft_table_flush, .chain_user_flush = nft_chain_user_flush, - .chain_del = chain_delete, .do_command = do_commandarp, .chain_set = nft_chain_set, .chain_user_add = nft_chain_user_add, |