From patchwork Wed Feb 13 10:11:24 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Phil Sutter
X-Patchwork-Id: 1041130
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path:
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=)
Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 43zwKP4TMSz9s5c for ; Wed, 13 Feb 2019 21:11:21 +1100 (AEDT)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731283AbfBMKLU (ORCPT ); Wed, 13 Feb 2019 05:11:20 -0500
Received: from orbyte.nwl.cc ([151.80.46.58]:33310 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726159AbfBMKLU (ORCPT ); Wed, 13 Feb 2019 05:11:20 -0500
Received: from localhost ([::1]:46400 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.91) (envelope-from ) id 1gtrVe-0003Qi-6f; Wed, 13 Feb 2019 11:11:18 +0100
From: Phil Sutter
To: Pablo Neira Ayuso
Cc: netfilter-devel@vger.kernel.org
Subject: [iptables PATCH 2/5] xtables: Move new chain check to where it belongs
Date: Wed, 13 Feb 2019 11:11:24 +0100
Message-Id: <20190213101127.2195-3-phil@nwl.cc>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190213101127.2195-1-phil@nwl.cc>
References: <20190213101127.2195-1-phil@nwl.cc>
MIME-Version: 1.0
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netfilter-devel@vger.kernel.org

Instead of checking chain existence in xtables.c, do it in nft_chain_user_add() and reuse predefined error message.
Signed-off-by: Phil Sutter --- iptables/nft.c | 5 +++++ iptables/xtables.c | 3 --- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 60b0531f4c8c8..c1b8ba3aa4bcf 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -1726,6 +1726,11 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0) nft_xt_builtin_init(h, table); + if (nft_chain_exists(h, table, chain)) { + errno = EEXIST; + return 0; + } + c = nftnl_chain_alloc(); if (c == NULL) return 0; diff --git a/iptables/xtables.c b/iptables/xtables.c index 1d777554076d7..44986a37aaf50 100644 --- a/iptables/xtables.c +++ b/iptables/xtables.c @@ -1069,9 +1069,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[], xtables_error(PARAMETER_PROBLEM, "Chain '%s' does not exist", cs->jumpto); } - if (!p->xlate && p->command == CMD_NEW_CHAIN && - nft_chain_exists(h, p->table, p->chain)) - xtables_error(OTHER_PROBLEM, "Chain already exists"); } int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
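Review bot: In the iptables/nft.c hunk (nft_chain_user_add), the new nft_chain_exists() check runs unconditionally, while the check it replaces in do_parse() was guarded by `!p->xlate`. Please confirm that the translate path never reaches nft_chain_user_add(), or state in the commit message that the changed behaviour there is intended. The failure is also signalled only by `errno = EEXIST; return 0;`, so the "predefined error message" the commit message mentions depends on a caller mapping errno to text that is not visible in this patch; a one-line comment above the check naming where EEXIST is turned into the user-facing message would help the next reader.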
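Review bot: In the iptables/xtables.c hunk (end of do_parse), dropping `xtables_error(OTHER_PROBLEM, "Chain already exists");` changes user-visible behaviour in two ways that the commit message does not spell out: the error is no longer raised at parse time but when the command is executed, and the message text and possibly the exit status now come from the errno-based path instead of OTHER_PROBLEM. Scripts that match on the old string or exit code may be affected, so please note the new wording in the commit message and consider adding a test case that creates an existing chain with -N and checks the resulting message and return code.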