From c10f5977915b1b7ddfb6557f9f6b18cd4140c26b Mon Sep 17 00:00:00 2001

From: Phil Sutter <phil@nwl.cc>

Date: Thu, 20 Dec 2018 16:09:09 +0100

Subject: [PATCH] nft: Simplify nft_rule_insert() a bit

Fetch rule list right on top instead of in each branch separately.

Signed-off-by: Phil Sutter <phil@nwl.cc>

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

(cherry picked from commit 88bd4f28878bc7d41daa23098d68bf1bf6f5cea2)

Signed-off-by: Phil Sutter <psutter@redhat.com>

---

 iptables/nft.c | 5 +----

 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c

index 7d08a0884adde..469448f42cd6d 100644

--- a/iptables/nft.c

+++ b/iptables/nft.c

@@ -2091,8 +2091,8 @@ nft_rule_add(struct nft_handle *h, const char *chain,

 int nft_rule_insert(struct nft_handle *h, const char *chain,

 		    const char *table, void *data, int rulenum, bool verbose)

 {

+	struct nftnl_rule_list *list = nft_rule_list_get(h);

 	struct nftnl_rule *r, *new_rule;

-	struct nftnl_rule_list *list;

 	uint64_t handle = 0;

 	/* If built-in chains don't exist for this table, create them */

@@ -2102,7 +2102,6 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,

 	nft_fn = nft_rule_insert;

 	if (rulenum > 0) {

-		list = nft_rule_list_get(h);

 		if (list == NULL)

 			goto err;

@@ -2123,8 +2122,6 @@ int nft_rule_insert(struct nft_handle *h, const char *chain,

 		handle = nftnl_rule_get_u64(r, NFTNL_RULE_HANDLE);

 		DEBUGP("adding after rule handle %"PRIu64"\n", handle);

-	} else {

-		nft_rule_list_get(h);

 	}

 	new_rule = nft_rule_add(h, chain, table, data, handle, verbose);

-- 

2.20.1