-rw-r--r--iptables/nft-shared.c29
-rw-r--r--iptables/nft-shared.h1
-rw-r--r--iptables/xtables-save.c20
-rw-r--r--iptables/xtables.c2
4 files changed, 49 insertions, 3 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index b89a3e7b..ed0d0ee9 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -904,3 +904,32 @@ bool nft_ipv46_rule_find(struct nft_family_ops *ops,
return true;
}
+
+void nft_check_xt_legacy(int family, bool is_ipt_save)
+{
+ static const char tables6[] = "/proc/net/ip6_tables_names";
+ static const char tables4[] = "/proc/net/ip_tables_names";
+ const char *prefix = "ip";
+ FILE *fp = NULL;
+ char buf[1024];
+
+ switch (family) {
+ case NFPROTO_IPV4:
+ fp = fopen(tables4, "r");
+ break;
+ case NFPROTO_IPV6:
+ fp = fopen(tables6, "r");
+ prefix = "ip6";
+ break;
+ default:
+ break;
+ }
+
+ if (!fp)
+ return;
+
+ if (fgets(buf, sizeof(buf), fp))
+ fprintf(stderr, "# Warning: %stables-legacy tables present, use %stables-legacy%s to see them\n",
+ prefix, prefix, is_ipt_save ? "-save" : "");
+ fclose(fp);
+}
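Review bot: nft_check_xt_legacy() returns silently whenever fopen() fails, so a missing warning can mean either "no legacy tables" or "the /proc file could not be opened" (for example /proc not mounted, or no read permission), and nothing in the function says so. The `default:` branch also leaves `fp` NULL, so any family other than NFPROTO_IPV4 or NFPROTO_IPV6 is never checked. I would add a header comment such as `/* Best effort: warn on stderr if the legacy x_tables backend has tables registered for this family; silence is not proof that none exist. */`. Since only the presence of a first line matters, `fgetc(fp) != EOF` would do the same job without the 1024-byte buffer.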
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index 0108b7f9..6d04b1a4 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -270,4 +270,5 @@ void xtables_restore_parse(struct nft_handle *h,
struct nft_xt_restore_cb *cb,
int argc, char *argv[]);
+void nft_check_xt_legacy(int family, bool is_ipt_save);
#endif
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 1652fbbc..c19c9991 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -44,12 +44,10 @@ static const struct option options[] = {
};
static int
-do_output(struct nft_handle *h, const char *tablename, bool counters)
+__do_output(struct nft_handle *h, const char *tablename, bool counters)
{
struct nftnl_chain_list *chain_list;
- if (!tablename)
- return nft_for_each_table(h, do_output, counters) ? 1 : 0;
if (!nft_table_find(h, tablename)) {
printf("Table `%s' does not exist\n", tablename);
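Review bot: The new helper name `__do_output` begins with a double underscore, which C reserves for the implementation; a name like `do_output_table` avoids that. With the `if (!tablename)` guard removed here, the helper relies on every caller passing a non-NULL name, which deserves a comment above it, e.g. `/* tablename must not be NULL; do_output() handles the all-tables case */`. The function body continues outside this hunk.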
@@ -80,6 +78,22 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
return 0;
}
+static int
+do_output(struct nft_handle *h, const char *tablename, bool counters)
+{
+ int ret;
+
+ if (!tablename) {
+ ret = nft_for_each_table(h, __do_output, counters);
+ nft_check_xt_legacy(h->family, true);
+ return !!ret;
+ }
+
+ ret = __do_output(h, tablename, counters);
+ nft_check_xt_legacy(h->family, true);
+ return ret;
+}
+
/* Format:
* :Chain name POLICY packets bytes
* rule
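Review bot: do_output() calls `nft_check_xt_legacy(h->family, true)` in both branches, which differ only in how `ret` is produced, so the duplicate call can be folded: `ret = tablename ? __do_output(h, tablename, counters) : !!nft_for_each_table(h, __do_output, counters);` followed by a single check and `return ret;`. The warning is written to stderr only and the return value is unaffected by it, so a backup job that stores stdout and checks the exit status will keep a dump that omits the legacy tables without noticing. That limitation is worth stating in a comment on do_output() or in the tool's documentation.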
diff --git a/iptables/xtables.c b/iptables/xtables.c
index e03e8f31..53f94b6f 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1238,6 +1238,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
ret = nft_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1);
}
+ nft_check_xt_legacy(h->family, false);
break;
case CMD_LIST_RULES:
case CMD_LIST_RULES|CMD_ZERO:
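Review bot: The line `nft_check_xt_legacy(h->family, false);` is added to two list cases (here and in the hunk that ends at `case CMD_NEW_CHAIN:`) with no comment on why only these commands warn. A short comment at the first site would help the next reader, e.g. `/* listing covers nft-managed rules only; hint at legacy tables if present */`. Both cases start outside their hunks, so which commands they belong to is inferred from the visible `CMD_LIST_RULES` label.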
@@ -1252,6 +1253,7 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
ret = nft_rule_zero_counters(h, p.chain, p.table,
p.rulenum - 1);
}
+ nft_check_xt_legacy(h->family, false);
break;
case CMD_NEW_CHAIN:
ret = nft_chain_user_add(h, p.chain, p.table);