author | Florian Westphal <fw@strlen.de> | 2018-06-19 12:02:24 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-06-25 11:50:51 +0200 |
commit | 20eac2ad174e43a3d4a4275c3d44f99c12bd04b9 (patch) | |
tree | f6f38ec4b33f55394d7930532bdcde7feb3cbed8 /iptables/xtables-save.c | |
parent | c9f5e18d72d3a010e9a53024290f9f4802ada9fd (diff) |
xtables: warn in case old-style (set/getsockopt) tables exist
Provide a hint that iptables isn't showing all rules because
it's using nfnetlink rather than old set/getsockopt.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/xtables-save.c')
-rw-r--r-- | iptables/xtables-save.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 1652fbbc..c19c9991 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -44,12 +44,10 @@ static const struct option options[] = {
 };
 static int
-do_output(struct nft_handle *h, const char *tablename, bool counters)
+__do_output(struct nft_handle *h, const char *tablename, bool counters)
 {
 struct nftnl_chain_list *chain_list;
- if (!tablename)
- return nft_for_each_table(h, do_output, counters) ? 1 : 0;
 if (!nft_table_find(h, tablename)) {
 printf("Table `%s' does not exist\n", tablename);
@@ -80,6 +78,22 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 return 0;
 }
+static int
+do_output(struct nft_handle *h, const char *tablename, bool counters)
+{
+ int ret;
+
+ if (!tablename) {
+ ret = nft_for_each_table(h, __do_output, counters);
+ nft_check_xt_legacy(h->family, true);
+ return !!ret;
+ }
+
+ ret = __do_output(h, tablename, counters);
+ nft_check_xt_legacy(h->family, true);
+ return ret;
+}
+
 /* Format:
 * :Chain name POLICY packets bytes
 * rule
|
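Review bot: With the `if (!tablename)` guard removed, `__do_output()` now passes `tablename` straight to `nft_table_find()` and to the `%s` in the "does not exist" message, so it has an undocumented non-NULL precondition. The new `do_output()` wrapper upholds it, but nothing at the definition says so; a comment above the function such as `/* Dump one table; tablename must be non-NULL, do_output() handles the all-tables case. */` would keep a later direct caller from reintroducing a NULL dereference. As a smaller style point, identifiers beginning with `__` are reserved for the implementation in C, so a name like `do_output_table` would be safer. The function body continues past the end of this hunk.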
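Review bot: Both branches of the new `do_output()` repeat `nft_check_xt_legacy(h->family, true);`, so a later edit to one path can silently drop the warning on the other. Computing `ret` first, e.g. `ret = tablename ? __do_output(h, tablename, counters) : !!nft_for_each_table(h, __do_output, counters);`, then calling the check once before a single `return ret;` keeps the paths in step. The bare `true` is opaque at the call site and deserves a short comment saying what the flag selects. The helper's body is not visible here, so it is worth confirming that it writes to stderr: a warning on stdout would land inside the save stream that is commonly piped to a restore tool. The exit status also stays unchanged when legacy tables exist, so a script that audits the ruleset by return code will still see success on an incomplete dump.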