This is a partial revert of d3e378b4a93f ("xtables: add skip flag to objects"). This should be handled from the ERESTART case.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 iptables/nft.c | 25 +++++++++----------------
 1 file changed, 9 insertions(+), 16 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index 172beec9ae27..0f0492bc200c 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2103,10 +2103,9 @@ int nft_for_each_table(struct nft_handle *h,
 return 0;
 }
-static int __nft_table_flush(struct nft_handle *h, const char *table, bool exists)
+static int __nft_table_flush(struct nft_handle *h, const char *table)
 {
 const struct builtin_table *_t;
- struct obj_update *obj;
 struct nftnl_table *t;
 t = nftnl_table_alloc();
@@ -2115,14 +2114,7 @@ static int __nft_table_flush(struct nft_handle *h, const char *table, bool exist
 nftnl_table_set_str(t, NFTNL_TABLE_NAME, table);
- obj = batch_table_add(h, NFT_COMPAT_TABLE_FLUSH, t);
- if (!obj) {
- nftnl_table_free(t);
- return -1;
- }
-
- if (!exists)
- obj->skip = 1;
+ batch_table_add(h, NFT_COMPAT_TABLE_FLUSH, t);
 _t = nft_table_builtin_find(h, table);
 assert(_t);
@@ -2138,7 +2130,6 @@ int nft_table_flush(struct nft_handle *h, const char *table)
 struct nftnl_table_list_iter *iter;
 struct nftnl_table_list *list;
 struct nftnl_table *t;
- bool exists = false;
 int ret = 0;
 nft_fn = nft_table_flush;
@@ -2160,15 +2151,17 @@ int nft_table_flush(struct nft_handle *h, const char *table)
 const char *table_name = nftnl_table_get_str(t, NFTNL_TABLE_NAME);
- if (strcmp(table_name, table) == 0) {
- exists = true;
- break;
- }
+ if (strcmp(table_name, table) != 0)
+ goto next;
+ ret = __nft_table_flush(h, table);
+ if (ret < 0)
+ goto err_table_iter;
+next:
 t = nftnl_table_list_iter_next(iter);
 }
- ret = __nft_table_flush(h, table, exists);
+err_table_iter:
 nftnl_table_list_iter_destroy(iter);
 err_table_list:
 err_out:
--
2.11.0
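Review bot: The revert drops the NULL check on `batch_table_add()` along with the skip flag, so in the `@@ -2115,14 +2114,7 @@` hunk of `__nft_table_flush` a failed add now leaks `t` and the function carries on as if the flush had been queued. The removed lines treated a NULL return as failure and freed the table, and `nft_table_flush` now tests `ret < 0`, so the check can stay without the flag: `if (!batch_table_add(h, NFT_COMPAT_TABLE_FLUSH, t)) {`, `nftnl_table_free(t);`, `return -1; }`. For a firewall tool, a flush that silently never reaches the batch leaves rules loaded that the operator believes were cleared. The rest of the function body is outside the hunk.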
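Review bot: After the matching table is flushed, the loop in the `@@ -2160,15 +2151,17 @@` hunk of `nft_table_flush` falls through to `next:` and keeps iterating, whereas the removed code stopped at the first match with `break`. If the list can hold more than one entry with that name (the code that builds it is outside the hunk), a flush is queued for each entry. Because `err_table_iter:` sits directly after the loop, inverting the test to `if (strcmp(table_name, table) == 0) {` with `ret = __nft_table_flush(h, table);` and `break; }` would restore the single flush and make both new labels unnecessary. A comment such as `/* table not in the list: nothing queued, ret stays 0 */` would also record that a missing table is now a silent success.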