diff mbox series

[iptables,2/5] xtables: Move new chain check to where it belongs

Message ID 20190213101127.2195-3-phil@nwl.cc
State Accepted
Delegated to: Pablo Neira
Series Align iptables-nft error messages with legacy

Commit Message

Phil Sutter Feb. 13, 2019, 10:11 a.m. UTC
Instead of checking chain existence in xtables.c, do it in
nft_chain_user_add() and reuse predefined error message.

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft.c     | 5 +++++
 iptables/xtables.c | 3 ---
 2 files changed, 5 insertions(+), 3 deletions(-)

Patch

diff --git a/iptables/nft.c b/iptables/nft.c
index 60b0531f4c8c8..c1b8ba3aa4bcf 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1726,6 +1726,11 @@  int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 	if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
 		nft_xt_builtin_init(h, table);
 
+	if (nft_chain_exists(h, table, chain)) {
+		errno = EEXIST;
+		return 0;
+	}
+
 	c = nftnl_chain_alloc();
 	if (c == NULL)
 		return 0;
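
Review bot: The new early return in nft_chain_user_add() reports failure as "return 0" plus errno = EEXIST, but nothing in this hunk documents that callers are expected to turn errno into the user-facing message, and the c == NULL path right below returns 0 without setting errno in the visible lines. A short comment above the nft_chain_exists() check stating that convention would help. The check also sits after nft_xtables_config_load() / nft_xt_builtin_init(), so the builtin initialization still runs when the chain already exists and the call is going to fail; if that side effect is not wanted, the existence check could move ahead of it, or the comment could say why the order is needed.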
diff --git a/iptables/xtables.c b/iptables/xtables.c
index 1d777554076d7..44986a37aaf50 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1069,9 +1069,6 @@  void do_parse(struct nft_handle *h, int argc, char *argv[],
 			xtables_error(PARAMETER_PROBLEM,
 				      "Chain '%s' does not exist", cs->jumpto);
 	}
-	if (!p->xlate && p->command == CMD_NEW_CHAIN &&
-	    nft_chain_exists(h, p->table, p->chain))
-		xtables_error(OTHER_PROBLEM, "Chain already exists");
 }
 
 int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
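
Review bot: The check removed from the end of do_parse() was guarded by "!p->xlate" and "p->command == CMD_NEW_CHAIN", while the replacement in nft_chain_user_add() has no xlate condition, so it is worth confirming that the translate path never reaches nft_chain_user_add(), or noting in the commit message that behaviour there is unchanged. The failure also moves from parse time to command execution and no longer goes through xtables_error(OTHER_PROBLEM, "Chain already exists"), so the message text and exit status users see may differ from before. Quoting the resulting error message in the commit message, and covering a duplicate new-chain command in a test, would make the intended behaviour explicit.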