iptables-compat: chains are purge out already from table flush

Remove dead code that uses the ancient non-batch netlink API. Chains
are already purged out from table flush.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 089828a333cd0207263c346d37a9951b87655785..56b270e5a4b74c65c2b983bff2e3727b5d2b3f43 100644 (file)
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -246,8 +246,6 @@ struct nftnl_chain_list;
 struct nft_xt_restore_cb {
        void (*table_new)(struct nft_handle *h, const char *table);
        struct nftnl_chain_list *(*chain_list)(struct nft_handle *h);
-       int (*chains_purge)(struct nft_handle *h, const char *table,
-                           struct nftnl_chain_list *clist);
        void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable,
                          const char *chain);
        int (*chain_set)(struct nft_handle *h, const char *table,

diff --git a/iptables/nft.c b/iptables/nft.c
index 271269f984a3465731017ec8b635849da7f9bbf0..165fb9cf8f99d0027a7f17b4398d8930b9aab840 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -1405,18 +1405,6 @@ int nft_chain_user_add(struct nft_handle *h, const char *chain, const char *tabl
 #define NLM_F_NONREC   0x100   /* Do not delete recursively    */
 #endif
 
-static int __nft_chain_del(struct nft_handle *h, struct nftnl_chain *c)
-{
-       char buf[MNL_SOCKET_BUFFER_SIZE];
-       struct nlmsghdr *nlh;
-
-       nlh = nftnl_chain_nlmsg_build_hdr(buf, NFT_MSG_DELCHAIN, h->family,
-                                         NLM_F_NONREC | NLM_F_ACK, h->seq);
-       nftnl_chain_nlmsg_build_payload(nlh, c);
-
-       return mnl_talk(h, nlh, NULL, NULL);
-}
-
 int nft_chain_user_del(struct nft_handle *h, const char *chain, const char *table)
 {
        struct nftnl_chain_list *list;
@@ -1674,39 +1662,6 @@ err:
        return ret == 0 ? 1 : 0;
 }
 
-int nft_table_purge_chains(struct nft_handle *h, const char *this_table,
-                          struct nftnl_chain_list *chain_list)
-{
-       struct nftnl_chain_list_iter *iter;
-       struct nftnl_chain *chain_obj;
-
-       iter = nftnl_chain_list_iter_create(chain_list);
-       if (iter == NULL)
-               return 0;
-
-       chain_obj = nftnl_chain_list_iter_next(iter);
-       while (chain_obj != NULL) {
-               const char *table =
-                       nftnl_chain_get_str(chain_obj, NFTNL_CHAIN_TABLE);
-
-               if (strcmp(this_table, table) != 0)
-                       goto next;
-
-               if (nft_chain_builtin(chain_obj))
-                       goto next;
-
-               if ( __nft_chain_del(h, chain_obj) < 0) {
-                       if (errno != EBUSY)
-                               return -1;
-               }
-next:
-               chain_obj = nftnl_chain_list_iter_next(iter);
-       }
-       nftnl_chain_list_iter_destroy(iter);
-
-       return 0;
-}
-
 static int __nft_rule_del(struct nft_handle *h, struct nftnl_rule_list *list,
                          struct nftnl_rule *r)
 {

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index 3de496f853878e922b92f610bdaf9af7c9d4b41d..a33a659341db185409501dd3b7b45a725349d502 100644 (file)
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -190,7 +190,6 @@ struct nft_xt_restore_cb restore_cb = {
        .chain_list     = get_chain_list,
        .commit         = nft_commit,
        .abort          = nft_abort,
-       .chains_purge   = nft_table_purge_chains,
        .table_flush    = nft_table_flush,
        .chain_del      = chain_delete,
        .do_command     = do_commandx,
@@ -245,10 +244,6 @@ void xtables_restore_parse(struct nft_handle *h,
                        }
                        in_table = 0;
 
-                       /* Purge out unused chains in this table */
-                       if (!p->testing && cb->chains_purge)
-                               cb->chains_purge(h, curtable, chain_list);
-
                } else if ((buffer[0] == '*') && (!in_table)) {
                        /* New table */
                        char *table;