From 79816721276e104bd54b684991d1975abad2ca02 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Wed, 9 Oct 2024 18:43:34 +0200
Subject: [PATCH] nft: Fix for -Z with bogus rule number
The command is supposed to fail if no rule at given index is found. While at it, drop the goto and label which are unused since commit 9b896224e0bfc ("xtables: rework rule cache logic").
Fixes: a69cc575295ee ("xtables: allow to reset the counters of an existing rule")
Signed-off-by: Phil Sutter
---
 iptables/nft.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index 88be5ede..21a7e211 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2978,7 +2978,6 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 .command = NFT_COMPAT_RULE_APPEND,
 };
 struct nft_chain *c;
- int ret = 0;
 nft_fn = nft_rule_delete;
@@ -2991,8 +2990,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 r = nft_rule_find(h, c, NULL, rulenum);
 if (r == NULL) {
 errno = ENOENT;
- ret = 1;
- goto error;
+ return 0;
 }
 if (h->ops->init_cs)
@@ -3005,10 +3003,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
 if (!new_rule)
 return 1;
- ret = nft_rule_append(h, chain, table, new_rule, r, false);
-
-error:
- return ret;
+ return nft_rule_append(h, chain, table, new_rule, r, false);
 }
 static void nft_table_print_debug(struct nft_handle *h,
--
2.47.3
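Review bot: The new `return 0;` on the `r == NULL` path in the second hunk ships without a regression test; the diffstat lists only iptables/nft.c. A testcase that runs -Z against a rule number past the end of a chain and expects the command to fail would keep this path from silently regressing, which matters to scripts that use the exit status to confirm counters were actually reset. A short comment at the site, such as `/* 0 = failure; errno tells the caller why */`, would also help, because the removed code used `ret = 1` for the same condition. The function body starts and ends outside this hunk.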
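Review bot: The context line `if (!new_rule) return 1;` at the top of the third hunk still returns 1 when no rule object was produced, and with this patch treating 0 as the failure value that looks like an error reported as success. The assignment to `new_rule` is outside the hunk, so this is inferred rather than shown, but if NULL there means construction or allocation failed, the line should probably read `return 0;`. Left as it is, a failed counter reset on that path would be indistinguishable from a completed one. The function starts outside the hunk.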