nft: break loop after found matching chain

This patch breaks looping in nft_chain_user_del, nft_chain_zero_counters
and nft_rule_flush after the chain is found.

Signed-off-by: Giuseppe Longo <giuseppelng@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index 3aac420ce146309a301352164e9001506893e2c3..8be960fbeb6d55e353aabc01c1b77064d2b50460 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1271,6 +1271,8 @@ int nft_rule_flush(struct nft_handle *h, const char *chain, const char *table)
 
                __nft_rule_flush(h, table_name, chain_name);
 
+               if (chain != NULL)
+                       break;
 next:
                c = nft_chain_list_iter_next(iter);
        }
@@ -1381,6 +1383,9 @@ int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *tabl
                        break;
 
                deleted_ctr++;
+
+               if (chain != NULL)
+                       break;
 next:
                c = nft_chain_list_iter_next(iter);
        }
@@ -2841,6 +2846,8 @@ int nft_chain_zero_counters(struct nft_handle *h, const char *chain,
                if (ret < 0)
                        perror("mnl_talk:nft_chain_zero_counters");
 
+               if (chain != NULL)
+                       break;
 next:
                c = nft_chain_list_iter_next(iter);
        }