ebtables-restore: Drop custom table flush routine

At least since flushing xtables-restore doesn't fetch chains from kernel
anymore, problems with pending policy rule delete jobs can't happen
anymore.

Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft.c b/iptables/nft.c
index cf3ab9fe239aac8c56292d87e48edfec34808386..468c703a1d09fbca822c777cb0aa6c97af7f9245 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2985,27 +2985,6 @@ int nft_abort(struct nft_handle *h)
        return nft_action(h, NFT_COMPAT_ABORT);
 }
 
-int nft_abort_policy_rule(struct nft_handle *h, const char *table)
-{
-       struct obj_update *n, *tmp;
-
-       list_for_each_entry_safe(n, tmp, &h->obj_list, head) {
-               if (n->type != NFT_COMPAT_RULE_APPEND &&
-                   n->type != NFT_COMPAT_RULE_DELETE)
-                       continue;
-
-               if (strcmp(table,
-                          nftnl_rule_get_str(n->rule, NFTNL_RULE_TABLE)))
-                       continue;
-
-               if (!nft_rule_is_policy_rule(n->rule))
-                       continue;
-
-               batch_obj_del(h, n);
-       }
-       return 0;
-}
-
 int nft_compatible_revision(const char *name, uint8_t rev, int opt)
 {
        struct mnl_socket *nl;

diff --git a/iptables/nft.h b/iptables/nft.h
index 2094b0145519485918a14721b44a1baa0e9382cb..ebb4044d1a453041b058e0c4ea34a52e539399a7 100644 (file)
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -160,7 +160,6 @@ uint32_t nft_invflags2cmp(uint32_t invflags, uint32_t flag);
 int nft_commit(struct nft_handle *h);
 int nft_bridge_commit(struct nft_handle *h);
 int nft_abort(struct nft_handle *h);
-int nft_abort_policy_rule(struct nft_handle *h, const char *table);
 
 /*
  * revision compatibility.

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 8c25e5b29d4314e5ad5bf85795cb4e585f04fe35..bef0dd2232e2b78328d1dbd8ebccfaadb0d0736e 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -486,17 +486,10 @@ int xtables_ip6_restore_main(int argc, char *argv[])
                                    argc, argv);
 }
 
-static int ebt_table_flush(struct nft_handle *h, const char *table)
-{
-       /* drop any pending policy rule add/removal jobs */
-       nft_abort_policy_rule(h, table);
-       return nft_table_flush(h, table);
-}
-
 static const struct nft_xt_restore_cb ebt_restore_cb = {
        .commit         = nft_bridge_commit,
        .table_new      = nft_table_new,
-       .table_flush    = ebt_table_flush,
+       .table_flush    = nft_table_flush,
        .do_command     = do_commandeb,
        .chain_set      = nft_chain_set,
        .chain_restore  = nft_chain_restore,