author | Florian Westphal <fw@strlen.de> | 2018-04-07 23:16:04 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-04-09 22:53:09 +0200 |
commit | 98fc8ce672049f4407b5abe7c87745494443c831 (patch) | |
tree | e8dcf803701aef0be1fbddcdc22e933645c9df40 /iptables/nft.c | |
parent | 9d9b724cab2276a1ffa43e8376f2ed10282d07da (diff) |
xtables-compat: only validate the xtables builtin tables
This allows xtables-compat to list all builtin tables unless one
contains nft specific expressions.
Tables that do not exist in xtables world are not printed anymore
(but a small hint is shown that such non-printable table(s) exist).
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 7c1e19d6..b3d9646d 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2827,7 +2827,10 @@ static int nft_are_chains_compatible(struct nft_handle *h)
 chain = nftnl_chain_list_iter_next(iter);
 while (chain != NULL) {
- if (!nft_chain_builtin(chain))
+ const char *table = nftnl_chain_get(chain, NFTNL_CHAIN_TABLE);
+
+ if (!nft_chain_builtin(chain) ||
+ !nft_is_table_compatible(h, table))
 goto next;
 ret = nft_is_chain_compatible(h, chain);
@@ -2876,10 +2879,14 @@ int nft_is_ruleset_compatible(struct nft_handle *h)
 rule = nftnl_rule_list_iter_next(iter);
 while (rule != NULL) {
+ if (!nft_is_table_compatible(h,
+ nftnl_rule_get_str(rule, NFTA_RULE_TABLE)))
+ goto next;
+
 ret = nft_is_rule_compatible(rule);
 if (ret != 0)
 break;
-
+next:
 rule = nftnl_rule_list_iter_next(iter);
 } |
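Review bot: In the first hunk, `table` is handed to nft_is_table_compatible() without a NULL check, and nftnl_chain_get() is the untyped getter, which returns NULL when the attribute is not set on the chain object. nft_is_table_compatible() is not part of this diff, so whether it tolerates NULL cannot be confirmed here; if it compares names with strcmp(), a chain without NFTNL_CHAIN_TABLE would crash the listing instead of being skipped. Using the typed getter and skipping such chains explicitly would also match the rule path in the second hunk: `const char *table = nftnl_chain_get_str(chain, NFTNL_CHAIN_TABLE);` and `if (!table || !nft_chain_builtin(chain) || !nft_is_table_compatible(h, table))`. The body of nft_are_chains_compatible() starts and ends outside the hunk.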
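Review bot: The added check in nft_is_ruleset_compatible() passes `NFTA_RULE_TABLE`, a kernel netlink attribute constant, to nftnl_rule_get_str(), which expects libnftnl's own `NFTNL_RULE_*` attribute ids. It appears to work only because the two numeric values coincide, so it should read `nftnl_rule_get_str(rule, NFTNL_RULE_TABLE)`. Separately, rules in tables unknown to xtables now bypass nft_is_rule_compatible() entirely, so a zero return no longer means every active rule was examined. A comment above the check such as `/* rules in non-xtables tables are skipped here, not validated */` would keep callers from reading the result as full coverage of the ruleset when it is used for auditing. The function body starts and ends outside the hunk.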