xtables: Move new chain check to where it belongs
authorPhil Sutter <phil@nwl.cc>
Wed, 13 Feb 2019 10:11:24 +0000 (11:11 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 13 Feb 2019 19:08:31 +0000 (20:08 +0100)
Instead of checking chain existence in xtables.c, do it in
nft_chain_user_add() and reuse predefined error message.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
iptables/nft.c
iptables/xtables.c

index 60b0531f4c8c8311bc30b082000b1e9cef4c68d2..c1b8ba3aa4bcfe1a683ea29b5855aa2b846f6916 100644 (file)
@@ -1726,6 +1726,11 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
        if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0)
                nft_xt_builtin_init(h, table);
 
+       if (nft_chain_exists(h, table, chain)) {
+               errno = EEXIST;
+               return 0;
+       }
+
        c = nftnl_chain_alloc();
        if (c == NULL)
                return 0;
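Review bot: The added `nft_chain_exists()` check now runs for every caller of nft_chain_user_add(), whereas the check this commit removes from do_parse() in xtables.c applied only when `p->command == CMD_NEW_CHAIN` and `!p->xlate`. Any other caller that reaches this function for a chain that is already present will now get a 0 return with errno set to EEXIST, so the call sites, which are not visible here, should be confirmed to handle that outcome. The lookup also happens before the chain is created, so it presumably gives no protection against a concurrent ruleset change between the check and the commit; a comment above the block would make that explicit, e.g. `/* early, non-atomic check: lets the caller report EEXIST via errno */`. The function body starts and ends outside the hunk.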
index 1d777554076d758ec65499bd36f865acb85b7d94..44986a37aaf50df9cfbcf2f9948f6c7d38326697 100644 (file)
@@ -1069,9 +1069,6 @@ void do_parse(struct nft_handle *h, int argc, char *argv[],
                        xtables_error(PARAMETER_PROBLEM,
                                      "Chain '%s' does not exist", cs->jumpto);
        }
-       if (!p->xlate && p->command == CMD_NEW_CHAIN &&
-           nft_chain_exists(h, p->table, p->chain))
-               xtables_error(OTHER_PROBLEM, "Chain already exists");
 }
 
 int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,