From 9523b2e9dee3d9b4439214092c496542ce9f434e Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Thu, 20 Dec 2018 16:09:04 +0100
Subject: xtables-restore: Review chain handling There is no need to "delete" (actually, remove from cache) a chain if noflush wasn't given: While handling the corresponding table line, 'table_flush' callback has already taken care of that. This .chain_del indirection is not required since d1eb4d587297 ("iptables-compat: chains are purge out already from table flush"). Streamlining the code further, move syntax checks to the top. If these concede, there are three cases to distinguish: A) Given chain name matches a builtin one in current table, so assume it exists already and just set policy and counters. B) Noflush was given and the (custom) chain exists already, flush it. C) Custom chain was either flushed (noflush not given) or didn't exist before, create it.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft-shared.h | 2 --
 1 file changed, 2 deletions(-)
(limited to 'iptables/nft-shared.h')
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 388abb97..019c1f20 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -245,8 +245,6 @@ struct nft_xt_restore_cb {
 void (*table_new)(struct nft_handle *h, const char *table);
 struct nftnl_chain_list *(*chain_list)(struct nft_handle *h,
 const char *table);
- void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable,
- const char *chain);
 int (*chain_user_flush)(struct nft_handle *h,
 struct nftnl_chain_list *clist,
 const char *table, const char *chain);
--
cgit v1.2.3