
[iptables-compat,3/3] iptables-compat: chains are purge out already from table flush

Message ID 20180504094920.23853-3-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Series [iptables-compat,1/3] iptables-compat: remove non-batching routines | expand

Commit Message

Pablo Neira Ayuso May 4, 2018, 9:49 a.m. UTC
Remove dead code that uses the ancient non-batch netlink API. Chains
are already purged by the table flush.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 iptables/nft-shared.h      |  2 --
 iptables/nft.c             | 45 ---------------------------------------------
 iptables/xtables-restore.c |  5 -----
 3 files changed, 52 deletions(-)

Patch

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 1520d613b528..79bea410c4d8 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -245,8 +245,6 @@  struct nftnl_chain_list;
 struct nft_xt_restore_cb {
 	void (*table_new)(struct nft_handle *h, const char *table);
 	struct nftnl_chain_list *(*chain_list)(struct nft_handle *h);
-	int (*chains_purge)(struct nft_handle *h, const char *table,
-			    struct nftnl_chain_list *clist);
 	void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable,
 			  const char *chain);
 	int (*chain_set)(struct nft_handle *h, const char *table,
diff --git a/iptables/nft.c b/iptables/nft.c
index 5858e01e52ac..2e8e0ae60b9d 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1397,18 +1397,6 @@  int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 #define NLM_F_NONREC	0x100	/* Do not delete recursively    */
 #endif
 
-static int __nft_chain_del(struct nft_handle *h, struct nftnl_chain *c)
-{
-	char buf[MNL_SOCKET_BUFFER_SIZE];
-	struct nlmsghdr *nlh;
-
-	nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, h->family,
-					  NLM_F_NONREC | NLM_F_ACK, h->seq);
-	nftnl_chain_nlmsg_build_payload(nlh, c);
-
-	return mnl_talk(h, nlh, NULL, NULL);
-}
-
 int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table)
 {
 	struct nftnl_chain_list *list;
@@ -1666,39 +1654,6 @@  err:
 	return ret == 0 ? 1 : 0;
 }
 
-int nft_table_purge_chains(struct nft_handle *h, const char *this_table,
-			   struct nftnl_chain_list *chain_list)
-{
-	struct nftnl_chain_list_iter *iter;
-	struct nftnl_chain *chain_obj;
-
-	iter = nftnl_chain_list_iter_create(chain_list);
-	if (iter == NULL)
-		return 0;
-
-	chain_obj = nftnl_chain_list_iter_next(iter);
-	while (chain_obj != NULL) {
-		const char *table =
-			nftnl_chain_get_str(chain_obj, NFTNL_CHAIN_TABLE);
-
-		if (strcmp(this_table, table) != 0)
-			goto next;
-
-		if (nft_chain_builtin(chain_obj))
-			goto next;
-
-		if ( __nft_chain_del(h, chain_obj) < 0) {
-			if (errno != EBUSY)
-				return -1;
-		}
-next:
-		chain_obj = nftnl_chain_list_iter_next(iter);
-	}
-	nftnl_chain_list_iter_destroy(iter);
-
-	return 0;
-}
-
 static int __nft_rule_del(struct nft_handle *h, struct nftnl_rule_list *list,
 			  struct nftnl_rule *r)
 {
diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 3de496f85387..a33a659341db 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -190,7 +190,6 @@  struct nft_xt_restore_cb restore_cb = {
 	.chain_list	= get_chain_list,
 	.commit		= nft_commit,
 	.abort		= nft_abort,
-	.chains_purge	= nft_table_purge_chains,
 	.table_flush	= nft_table_flush,
 	.chain_del	= chain_delete,
 	.do_command	= do_commandx,
@@ -245,10 +244,6 @@  void xtables_restore_parse(struct nft_handle *h,
 			}
 			in_table = 0;
 
-			/* Purge out unused chains in this table */
-			if (!p->testing && cb->chains_purge)
-				cb->chains_purge(h, curtable, chain_list);
-
 		} else if ((buffer[0] == '*') && (!in_table)) {
 			/* New table */
 			char *table;