netlink: fix nft flush operation

nft_netlink function is already calling mnl_batch_end and
mnl_batch_begin so it is not necessary to do it in the
netlink_flush_rules function. Doing this result in a invalid
netlink message which is discarded by the kernel.

Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/netlink.c b/src/netlink.c
index f75cef763610a856445bb1130e8f605c504a7c3b..a62c357229ec0b264e76f3ee33870ac2eeb9690d 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -456,10 +456,8 @@ static int netlink_flush_rules(struct netlink_ctx *ctx, const struct handle *h,
                                        strerror(errno));
 
        ctx->data = h;
-       mnl_batch_begin();
        nft_rule_list_foreach(rule_cache, flush_rule_cb, ctx);
        nft_rule_list_free(rule_cache);
-       mnl_batch_end();
        return 0;
 }