diff options
Diffstat (limited to 'iptables')
-rw-r--r-- | iptables/nft.c | 32 | ||||
-rw-r--r-- | iptables/nft.h | 5 | ||||
-rw-r--r-- | iptables/xtables-save.c | 2 |
3 files changed, 29 insertions, 10 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 7e019d54..12cc423c 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2192,12 +2192,10 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table, bool found = false; nft_xt_builtin_init(h, table); + nft_assert_table_compatible(h, table, chain); ops = nft_family_ops_lookup(h->family); - if (!nft_is_table_compatible(h, table)) - xtables_error(OTHER_PROBLEM, "table `%s' is incompatible, use 'nft' tool.\n", table); - list = nft_chain_list_get(h, table, chain); if (!list) return 0; @@ -2295,9 +2293,7 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain, int ret = 0; nft_xt_builtin_init(h, table); - - if (!nft_is_table_compatible(h, table)) - xtables_error(OTHER_PROBLEM, "table `%s' is incompatible, use 'nft' tool.\n", table); + nft_assert_table_compatible(h, table, chain); list = nft_chain_list_get(h, table, chain); if (!list) @@ -3085,11 +3081,12 @@ static int nft_is_chain_compatible(struct nftnl_chain *c, void *data) return 0; } -bool nft_is_table_compatible(struct nft_handle *h, const char *tablename) +bool nft_is_table_compatible(struct nft_handle *h, + const char *table, const char *chain) { struct nftnl_chain_list *clist; - clist = nft_chain_list_get(h, tablename, NULL); + clist = nft_chain_list_get(h, table, chain); if (clist == NULL) return false; @@ -3098,3 +3095,22 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename) return true; } + +void nft_assert_table_compatible(struct nft_handle *h, + const char *table, const char *chain) +{ + const char *pfx = "", *sfx = ""; + + if (nft_is_table_compatible(h, table, chain)) + return; + + if (chain) { + pfx = "chain `"; + sfx = "' in "; + } else { + chain = ""; + } + xtables_error(OTHER_PROBLEM, + "%s%s%stable `%s' is incompatible, use 'nft' tool.\n", + pfx, chain, sfx, table); +} diff --git a/iptables/nft.h b/iptables/nft.h index 9ae3122a..4b8b3033 100644 --- a/iptables/nft.h +++ b/iptables/nft.h @@ -206,7 +206,10 @@ int nft_arp_rule_insert(struct nft_handle *h, const char *chain, void nft_rule_to_arpt_entry(struct nftnl_rule *r, struct arpt_entry *fw); -bool nft_is_table_compatible(struct nft_handle *h, const char *name); +bool nft_is_table_compatible(struct nft_handle *h, + const char *table, const char *chain); +void nft_assert_table_compatible(struct nft_handle *h, + const char *table, const char *chain); int ebt_set_user_chain_policy(struct nft_handle *h, const char *table, const char *chain, const char *policy); diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index e234425d..44687f99 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -77,7 +77,7 @@ __do_output(struct nft_handle *h, const char *tablename, void *data) if (!nft_table_builtin_find(h, tablename)) return 0; - if (!nft_is_table_compatible(h, tablename)) { + if (!nft_is_table_compatible(h, tablename, NULL)) { printf("# Table `%s' is incompatible, use 'nft' tool.\n", tablename); return 0; |