From d1eb4d58729736773d1c5cc106451e2851427850 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Fri, 4 May 2018 11:41:10 +0200
Subject: iptables-compat: chains are purge out already from table flush

Remove dead code that uses the ancient non-batch netlink API. Chains are already purged out from table flush.

Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft-shared.h | 2 --
 iptables/nft.c | 45 ---------------------------------------------
 iptables/xtables-restore.c | 5 -----
 3 files changed, 52 deletions(-)

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 089828a3..56b270e5 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -246,8 +246,6 @@ struct nftnl_chain_list;
 struct nft_xt_restore_cb {
 void (*table_new)(struct nft_handle *h, const char *table);
 struct nftnl_chain_list *(*chain_list)(struct nft_handle *h);
- int (*chains_purge)(struct nft_handle *h, const char *table,
- struct nftnl_chain_list *clist);
 void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable, const char *chain);
 int (*chain_set)(struct nft_handle *h, const char *table,
diff --git a/iptables/nft.c b/iptables/nft.c
index 271269f9..165fb9cf 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1405,18 +1405,6 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 #define NLM_F_NONREC 0x100 /* Do not delete recursively */
 #endif
-static int __nft_chain_del(struct nft_handle *h, struct nftnl_chain *c)
-{
- char buf[MNL_SOCKET_BUFFER_SIZE];
- struct nlmsghdr *nlh;
-
- nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, h->family,
- NLM_F_NONREC | NLM_F_ACK, h->seq);
- nftnl_chain_nlmsg_build_payload(nlh, c);
-
- return mnl_talk(h, nlh, NULL, NULL);
-}
-
 int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table)
 {
 struct nftnl_chain_list *list;
@@ -1674,39 +1662,6 @@ err:
 return ret == 0 ? 1 : 0;
 }
-int nft_table_purge_chains(struct nft_handle *h, const char *this_table,
- struct nftnl_chain_list *chain_list)
-{
- struct nftnl_chain_list_iter *iter;
- struct nftnl_chain *chain_obj;
-
- iter = nftnl_chain_list_iter_create(chain_list);
- if (iter == NULL)
- return 0;
-
- chain_obj = nftnl_chain_list_iter_next(iter);
- while (chain_obj != NULL) {
- const char *table =
- nftnl_chain_get_str(chain_obj, NFTNL_CHAIN_TABLE);
-
- if (strcmp(this_table, table) != 0)
- goto next;
-
- if (nft_chain_builtin(chain_obj))
- goto next;
-
- if ( __nft_chain_del(h, chain_obj) < 0) {
- if (errno != EBUSY)
- return -1;
- }
-next:
- chain_obj = nftnl_chain_list_iter_next(iter);
- }
- nftnl_chain_list_iter_destroy(iter);
-
- return 0;
-}
-
 static int __nft_rule_del(struct nft_handle *h, struct nftnl_rule_list *list, struct nftnl_rule *r)
 {
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 3de496f8..a33a6593 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -190,7 +190,6 @@ struct nft_xt_restore_cb restore_cb = {
 .chain_list = get_chain_list,
 .commit = nft_commit,
 .abort = nft_abort,
- .chains_purge = nft_table_purge_chains,
 .table_flush = nft_table_flush,
 .chain_del = chain_delete,
 .do_command = do_commandx,
@@ -245,10 +244,6 @@ void xtables_restore_parse(struct nft_handle *h,
 }
 in_table = 0;
- /* Purge out unused chains in this table */
- if (!p->testing && cb->chains_purge)
- cb->chains_purge(h, curtable, chain_list);
-
 } else if ((buffer[0] == '*') && (!in_table)) {
 /* New table */
 char *table;
-- 
cgit v1.2.3