On Thu, Dec 20, 2018 at 04:09:04PM +0100, Phil Sutter wrote:
> There is no need to "delete" (actually, remove from cache) a chain if
> noflush wasn't given: While handling the corresponding table line,
> 'table_flush' callback has already taken care of that.
> 
> Streamlining the code further, move syntax checks to the top. If these
> concede, there are three cases to distinguish:
> 
> A) Given chain name matches a builtin one in current table, so assume it
>    exists already and just set policy and counters.
> 
> B) Noflush was given and the (custom) chain exists already, flush it.
> 
> C) Custom chain was either flushed (noflush not given) or didn't exist
>    before, create it.
> 
> Signed-off-by: Phil Sutter <[email protected]>
> ---
>  iptables/nft-shared.h      |  2 --
>  iptables/xtables-restore.c | 68 +++++++++++---------------------------
>  2 files changed, 19 insertions(+), 51 deletions(-)
> 
> diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
> index 388abb97303ab..019c1f20e2939 100644
> --- a/iptables/nft-shared.h
> +++ b/iptables/nft-shared.h
> @@ -245,8 +245,6 @@ struct nft_xt_restore_cb {
>       void (*table_new)(struct nft_handle *h, const char *table);
>       struct nftnl_chain_list *(*chain_list)(struct nft_handle *h,
>                                              const char *table);
> -     void (*chain_del)(struct nftnl_chain_list *clist, const char *curtable,
> -                       const char *chain);
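
Review bot: In the struct nft_xt_restore_cb hunk the chain_del member is removed, but the commit message only describes skipping the chain "delete" in the restore path and never says the callback itself goes away. State that removal in the description, and confirm that no initializer of struct nft_xt_restore_cb outside iptables/xtables-restore.c (the only other file in the diffstat) still sets .chain_del, since a designated initializer naming a removed member will not compile.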

I added to this patch description that chain_del is basically dead
code since d1eb4d587297.

Thanks for disentangling this part of the code, looks better now.
