diff options
-rw-r--r-- | iptables/nft.c | 7 | ||||
-rwxr-xr-x | iptables/tests/shell/testcases/nft-only/0001compat_0 | 21 |
2 files changed, 27 insertions, 1 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 07e15c7a..347a4438 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -3006,7 +3006,12 @@ static int nft_are_chains_compatible(struct nft_handle *h, const char *tablename chain = nftnl_chain_list_iter_next(iter); while (chain != NULL) { - if (!nft_chain_builtin(chain)) + const char *chain_table; + + chain_table = nftnl_chain_get_str(chain, NFTNL_CHAIN_TABLE); + + if (strcmp(chain_table, tablename) || + !nft_chain_builtin(chain)) goto next; ret = nft_is_chain_compatible(h, chain); diff --git a/iptables/tests/shell/testcases/nft-only/0001compat_0 b/iptables/tests/shell/testcases/nft-only/0001compat_0 new file mode 100755 index 00000000..4319ea5a --- /dev/null +++ b/iptables/tests/shell/testcases/nft-only/0001compat_0 @@ -0,0 +1,21 @@ +#!/bin/sh + +# test case for bug fixed in +# commit 873c5d5d293991ee3c06aed2b1dfc5764872582f (HEAD -> master) +# xtables: avoid bogus 'is incompatible' warning + +case "$XT_MULTI" in +*/xtables-nft-multi) + nft -v >/dev/null || exit 0 + nft 'add table ip nft-test; add chain ip nft-test foobar { type filter hook forward priority 42; }' || exit 1 + nft 'add table ip6 nft-test; add chain ip6 nft-test foobar { type filter hook forward priority 42; }' || exit 1 + + $XT_MULTI iptables -L -t filter || exit 1 + $XT_MULTI ip6tables -L -t filter || exit 1 + ;; +*) + echo skip $XT_MULTI + ;; +esac + +exit 0 |