Instead of doing all in one go, make two separate decisions:

1) If table has no chain cache, either continue or return depending on
   whether we're flushing for a specific table.

2) With chain cache present, flushing strategy once more depends on
   whether we're flushing for a specific table: If given, just remove
   all rules and return. If not, free the cache and set to NULL (so that
   it will be repopulated later), then continue the loop.

Signed-off-by: Phil Sutter <[email protected]>
---
 iptables/nft.c | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 8f030afa81246..a4a3d11ff5f35 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -815,16 +815,20 @@ static void flush_chain_cache(struct nft_handle *h, const 
char *tablename)
                if (tablename && strcmp(h->tables[i].name, tablename))
                        continue;
 
-               if (h->table[i].chain_cache) {
-                       if (tablename) {
-                               
nftnl_chain_list_foreach(h->table[i].chain_cache,
-                                                        __flush_chain_cache, 
NULL);
-                               break;
-                       } else {
-                               nftnl_chain_list_free(h->table[i].chain_cache);
-                               h->table[i].chain_cache = NULL;
-                       }
+               if (!h->table[i].chain_cache) {
+                       if (tablename)
+                               return;
+                       continue;
                }
+
+               if (tablename) {
+                       nftnl_chain_list_foreach(h->table[i].chain_cache,
+                                                __flush_chain_cache, NULL);
+                       return;
+               }
+
+               nftnl_chain_list_free(h->table[i].chain_cache);
+               h->table[i].chain_cache = NULL;
        }
 }
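Review bot: in the new `if (!h->table[i].chain_cache)` branch, the `return` taken when `tablename` is set is a small change from the old code, which skipped the body and kept iterating over the remaining tables. The two are equivalent only if no later entry can match the same name, so the commit message should state that no functional change is intended, or a short comment should record that table names are unique. Likewise, replacing `break` with `return` after `nftnl_chain_list_foreach()` is equivalent only while nothing follows the loop, which holds in the visible context but is easy to break later; keeping `break` would preserve a single exit point. Separately, the name filter reads `h->tables[i].name` while the cache is taken from `h->table[i].chain_cache`, so a one-line comment that both arrays share the index `i` would help readers.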
 
-- 
2.19.0
