From: Phil Sutter
Date: Wed, 9 Oct 2024 16:43:34 +0000 (+0200)
Subject: nft: Fix for -Z with bogus rule number
X-Git-Tag: v1.8.11~18
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=79816721276e104bd54b684991d1975abad2ca02;p=thirdparty%2Fiptables.git
nft: Fix for -Z with bogus rule number
The command is supposed to fail if no rule at given index is found. While at it, drop the goto and label which are unused since commit 9b896224e0bfc ("xtables: rework rule cache logic").
Fixes: a69cc575295ee ("xtables: allow to reset the counters of an existing rule")
Signed-off-by: Phil Sutter
---
diff --git a/iptables/nft.c b/iptables/nft.c
index 88be5ede..21a7e211 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2978,7 +2978,6 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 .command = NFT_COMPAT_RULE_APPEND,
 };
 struct nft_chain *c;
- int ret = 0;
 nft_fn = nft_rule_delete;
@@ -2991,8 +2990,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 r = nft_rule_find(h, c, NULL, rulenum);
 if (r == NULL) {
 errno = ENOENT;
- ret = 1;
- goto error;
+ return 0;
 }
 if (h->ops->init_cs)
@@ -3005,10 +3003,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 if (!new_rule)
 return 1;
- ret = nft_rule_append(h, chain, table, new_rule, r, false);
-
-error:
- return ret;
+ return nft_rule_append(h, chain, table, new_rule, r, false);
 }
 static void nft_table_print_debug(struct nft_handle *h,
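Review bot: The new `return 0;` in the `r == NULL` branch of the second hunk (`@@ -2991,8 +2990,7 @@`) means failure, which is the reverse of the usual C convention, and nothing on the new side says so. A one-line comment on that branch would make it explicit, for example `/* no rule at rulenum: fail (0), ENOENT in errno tells the caller why */`. The start of nft_rule_zero_counters and any earlier returns are outside the hunk, so whether they follow the same 0-is-failure convention cannot be confirmed from here.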
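Review bot: The context line `if (!new_rule) return 1;` in the third hunk (`@@ -3005,10 +3003,7 @@`) still returns 1 when no replacement rule could be built. Since this commit makes the not-found branch return 0 to signal failure, that path appears to report success although the counters were never reset. If 1 is indeed the success value, the check should read `if (!new_rule) return 0;`, with errno left as set by whatever produced the NULL. The assignment of new_rule lies outside the hunk, so the exact failure cause is not visible here. It matters operationally because a -Z that silently does nothing leaves stale counters that monitoring or audit scripts may treat as fresh.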