src: don't return error in netlink_linearize_rule()

This function converts the rule from the list of statements to the
netlink message format. The only two possible errors that can make
this function to fail are memory exhaustion and malformed statements
which inmediately stop the execution of nft.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/netlink.h b/include/netlink.h
index af5dcd94da28658865db92ebcf6c47781a648f23..d7d5c2d1719c7e99eb1a1457026294434cdfda56 100644 (file)
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -65,9 +65,9 @@ extern struct expr *netlink_alloc_data(const struct location *loc,
                                       const struct nft_data_delinearize *nld,
                                       enum nft_registers dreg);
 
-extern int netlink_linearize_rule(struct netlink_ctx *ctx,
-                                 struct nft_rule *nlr,
-                                 const struct rule *rule);
+extern void netlink_linearize_rule(struct netlink_ctx *ctx,
+                                  struct nft_rule *nlr,
+                                  const struct rule *rule);
 extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
                                             const struct nft_rule *r);
 

diff --git a/src/netlink.c b/src/netlink.c
index dc7a7c4b84cf138cb6c5f1ba4eeb21f76558d98f..102f799a514f034b81f703e30e3e467bab5af6d9 100644 (file)
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -354,16 +354,14 @@ int netlink_add_rule_batch(struct netlink_ctx *ctx,
        int err;
 
        nlr = alloc_nft_rule(&rule->handle);
-       err = netlink_linearize_rule(ctx, nlr, rule);
-       if (err == 0) {
-               err = mnl_nft_rule_batch_add(nlr, flags | NLM_F_EXCL,
-                                            ctx->seqnum);
-               if (err < 0)
-                       netlink_io_error(ctx, &rule->location,
-                                        "Could not add rule to batch: %s",
-                                        strerror(errno));
-       }
+       netlink_linearize_rule(ctx, nlr, rule);
+       err = mnl_nft_rule_batch_add(nlr, flags | NLM_F_EXCL, ctx->seqnum);
        nft_rule_free(nlr);
+       if (err < 0) {
+               netlink_io_error(ctx, &rule->location,
+                                "Could not add rule to batch: %s",
+                                strerror(errno));
+       }
        return err;
 }
 

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index f5ce19c9a8823538214ee698ffae6de6bc66dc48..5eecd79122a803e2c223e9e4b5e6d2d31d7a0cdf 100644 (file)
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -746,8 +746,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
        }
 }
 
-int netlink_linearize_rule(struct netlink_ctx *ctx, struct nft_rule *nlr,
-                          const struct rule *rule)
+void netlink_linearize_rule(struct netlink_ctx *ctx, struct nft_rule *nlr,
+                           const struct rule *rule)
 {
        struct netlink_linearize_ctx lctx;
        const struct stmt *stmt;
@@ -760,5 +760,4 @@ int netlink_linearize_rule(struct netlink_ctx *ctx, struct nft_rule *nlr,
                netlink_gen_stmt(&lctx, stmt);
 
        netlink_dump_rule(nlr);
-       return 0;
 }