From 9449b90ec24cd71c4fe4212ed4970074e54dfa8a Mon Sep 17 00:00:00 2001 From: Phil Sutter Date: Mon, 22 Jul 2019 12:16:21 +0200 Subject: xtables-save: Fix table compatibility check The builtin table check guarding the 'is incompatible' warning was wrong: The idea was to print the warning only for incompatible tables which are builtin, not for others. Yet the code would print the warning only for non-builtin ones. Also reorder the checks: nft_table_builtin_find() is fast and therefore a quick way to bail for uninteresting tables. The compatibility check is needed for the remaining tables, only. Signed-off-by: Phil Sutter Signed-off-by: Pablo Neira Ayuso --- iptables/xtables-save.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'iptables/xtables-save.c') diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index 0cf11f99..811ec633 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -67,11 +67,12 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters) { struct nftnl_chain_list *chain_list; + if (!nft_table_builtin_find(h, tablename)) + return 0; if (!nft_is_table_compatible(h, tablename)) { - if (!nft_table_builtin_find(h, tablename)) - printf("# Table `%s' is incompatible, use 'nft' tool.\n", - tablename); + printf("# Table `%s' is incompatible, use 'nft' tool.\n", + tablename); return 0; } -- cgit v1.2.3