From 20eac2ad174e43a3d4a4275c3d44f99c12bd04b9 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Tue, 19 Jun 2018 12:02:24 +0200
Subject: xtables: warn in case old-style (set/getsockopt) tables exist
Provide a hint that iptables isn't showing all rules because its using nfnetlink rather than old set/getsockopt.
Signed-off-by: Florian Westphal
---
 iptables/xtables-save.c | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
 (limited to 'iptables/xtables-save.c')
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 1652fbbc..c19c9991 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -44,12 +44,10 @@ static const struct option options[] = {
 };
 static int
-do_output(struct nft_handle *h, const char *tablename, bool counters)
+__do_output(struct nft_handle *h, const char *tablename, bool counters)
 {
 struct nftnl_chain_list *chain_list;
- if (!tablename)
- return nft_for_each_table(h, do_output, counters) ? 1 : 0;
 if (!nft_table_find(h, tablename)) {
 printf("Table `%s' does not exist\n", tablename);
@@ -80,6 +78,22 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 return 0;
 }
+static int
+do_output(struct nft_handle *h, const char *tablename, bool counters)
+{
+ int ret;
+
+ if (!tablename) {
+ ret = nft_for_each_table(h, __do_output, counters);
+ nft_check_xt_legacy(h->family, true);
+ return !!ret;
+ }
+
+ ret = __do_output(h, tablename, counters);
+ nft_check_xt_legacy(h->family, true);
+ return ret;
+}
+
 /* Format:
 * :Chain name POLICY packets bytes
 * rule
--
cgit v1.2.3
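Review bot: With the NULL dispatch removed from `__do_output`, a NULL `tablename` now goes straight to `nft_table_find()` and, on a miss, to the `%s` in the `printf`, and nothing in the hunk records that callers must pass a real name. A one-line comment above the function would state the contract: `/* Output one table; tablename must be non-NULL, do_output() handles the all-tables case. */`. The leading double underscore is also a reserved identifier in C, so a name such as `do_output_table` would avoid that. The function body continues past the end of this hunk.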
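Review bot: In the new `do_output`, any result of `nft_check_xt_legacy()` is dropped on both paths, so a save that leaves out rules held in old-style tables returns the same status as a complete one, and scripts that snapshot or audit the ruleset get no signal beyond the printed hint. If that is intended, say so above the call, e.g. `/* hint only: legacy tables do not affect the exit status */`. `nft_check_xt_legacy()` is defined outside this hunk, so it is worth confirming that the hint goes to stderr (or is emitted as a `#` comment line), since this program's stdout is typically fed back to a restore. The two identical calls could also be folded into one placed after an `if`/`else` that sets `ret`.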