nft: Reduce indenting level in flush_chain_cache()

Instead of doing all in one go, make two separate decisions:

1) If table has no chain cache, either continue or return depending on
   whether we're flushing for a specific table.

2) With chain cache present, flushing strategy once more depends on
   whether we're flushing for a specific table: If given, just remove
   all rules and return. If not, free the cache and set to NULL (so that
   it will be repopulated later), then continue the loop.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index befd9f4dd9026bcf62210d261c4b4e817704a04e..997d7bc58fd001c60a5fb1caa18a85c1ea340fdd 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle *h, const char *tablename)
                if (tablename && strcmp(h->tables[i].name, tablename))
                        continue;
 
-               if (h->table[i].chain_cache) {
-                       if (tablename) {
-                               nftnl_chain_list_foreach(h->table[i].chain_cache,
-                                                        __flush_chain_cache, NULL);
-                               break;
-                       } else {
-                               nftnl_chain_list_free(h->table[i].chain_cache);
-                               h->table[i].chain_cache = NULL;
-                       }
+               if (!h->table[i].chain_cache) {
+                       if (tablename)
+                               return;
+                       continue;
                }
+
+               if (tablename) {
+                       nftnl_chain_list_foreach(h->table[i].chain_cache,
+                                                __flush_chain_cache, NULL);
+                       return;
+               }
+
+               nftnl_chain_list_free(h->table[i].chain_cache);
+               h->table[i].chain_cache = NULL;
        }
 }