From f9932edff18a74dc373c708f38fe95b2f8d9a8a5 Mon Sep 17 00:00:00 2001

From: Phil Sutter <phil@nwl.cc>

Date: Thu, 20 Dec 2018 16:09:07 +0100

Subject: [PATCH] nft: Reduce indenting level in flush_chain_cache()

Instead of doing all in one go, make two separate decisions:

1) If table has no chain cache, either continue or return depending on

   whether we're flushing for a specific table.

2) With chain cache present, flushing strategy once more depends on

   whether we're flushing for a specific table: If given, just remove

   all rules and return. If not, free the cache and set to NULL (so that

   it will be repopulated later), then continue the loop.

Signed-off-by: Phil Sutter <phil@nwl.cc>

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

(cherry picked from commit d4b0d248cc057e39608c7c1c1203dd3f1ea96645)

Signed-off-by: Phil Sutter <psutter@redhat.com>

---

 iptables/nft.c | 22 +++++++++++++---------

 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c

index befd9f4dd9026..997d7bc58fd00 100644

--- a/iptables/nft.c

+++ b/iptables/nft.c

@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle *h, const char *tablename)

 		if (tablename && strcmp(h->tables[i].name, tablename))

 			continue;

-		if (h->table[i].chain_cache) {

-			if (tablename) {

-				nftnl_chain_list_foreach(h->table[i].chain_cache,

-							 __flush_chain_cache, NULL);

-				break;

-			} else {

-				nftnl_chain_list_free(h->table[i].chain_cache);

-				h->table[i].chain_cache = NULL;

-			}

+		if (!h->table[i].chain_cache) {

+			if (tablename)

+				return;

+			continue;

 		}

+

+		if (tablename) {

+			nftnl_chain_list_foreach(h->table[i].chain_cache,

+						 __flush_chain_cache, NULL);

+			return;

+		}

+

+		nftnl_chain_list_free(h->table[i].chain_cache);

+		h->table[i].chain_cache = NULL;

 	}

 }

-- 

2.20.1