From c19fa5833a0bc0eb787799634bd26dea91fcdca1 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 13 Feb 2019 11:11:24 +0100
Subject: xtables: Move new chain check to where it belongs
Instead of checking chain existence in xtables.c, do it in nft_chain_user_add() and reuse predefined error message.
Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'iptables/nft.c')
diff --git a/iptables/nft.c b/iptables/nft.c
index 60b0531f..c1b8ba3a 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1726,6 +1726,11 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
 nft_xt_builtin_init(h, table);

+ if (nft_chain_exists(h, table, chain)) {
+ errno = EEXIST;
+ return 0;
+ }
+
 c = nftnl_chain_alloc();
 if (c == NULL)
 return 0;
--
cgit v1.2.3
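Review bot: The new `nft_chain_exists()` test ahead of `nftnl_chain_alloc()` is a check-then-act on whatever state that helper consults, which this hunk does not show. If it reads a userspace view of the ruleset, a chain created by another process after the lookup would pass this guard, so the later add/commit path presumably still has to surface the kernel's own EEXIST rather than rely on this check alone. If `nft_chain_exists()` can itself fail, confirm that a lookup error is not read as "chain absent". Since 0 is the failure value in this function, the branch would also benefit from a comment such as `/* chain already present: fail with EEXIST so the predefined error message is reported */`. The body of `nft_chain_user_add()` starts and ends outside the hunk.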