nft: Fix for -Z with bogus rule number

The command is supposed to fail if no rule at given index is found.
While at it, drop the goto and label which are unused since commit
9b896224e0bfc ("xtables: rework rule cache logic").

Fixes: a69cc575295ee ("xtables: allow to reset the counters of an existing rule")
Signed-off-by: Phil Sutter <phil@nwl.cc>

diff --git a/iptables/nft.c b/iptables/nft.c
index 88be5ede5171d904aec1c71649bd348e20d4cdf2..21a7e211d7d780de5485d43e3bfe5b3a79f39771 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2978,7 +2978,6 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
                .command = NFT_COMPAT_RULE_APPEND,
        };
        struct nft_chain *c;
-       int ret = 0;
 
        nft_fn = nft_rule_delete;
 
@@ -2991,8 +2990,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
        r = nft_rule_find(h, c, NULL, rulenum);
        if (r == NULL) {
                errno = ENOENT;
-               ret = 1;
-               goto error;
+               return 0;
        }
 
        if (h->ops->init_cs)
@@ -3005,10 +3003,7 @@ int nft_rule_zero_counters(struct nft_handle *h, const char *chain,
        if (!new_rule)
                return 1;
 
-       ret = nft_rule_append(h, chain, table, new_rule, r, false);
-
-error:
-       return ret;
+       return nft_rule_append(h, chain, table, new_rule, r, false);
 }
 
 static void nft_table_print_debug(struct nft_handle *h,