author | Florian Westphal <fw@strlen.de> | 2018-04-07 00:44:49 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-04-09 22:53:09 +0200 |
commit | 9d9b724cab2276a1ffa43e8376f2ed10282d07da (patch) | |
tree | 331175080abfab6cdbdecd23f3484620e75577f0 | |
parent | 59d15cfb8998074b2f6077fb5a4a5aea6a002bc7 (diff) |
xtables-compat: skip unsupported tables
Instead of not listing anything at all if an unknown table name
exists, just skip them. Output a small comment that the listing
doesn't include the (unrecognized, nft-created) tables.
Next patch will restrict 'is this table printable in
xtables syntax' check to the "builtin" tables.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | iptables/nft.c | 45 | ||||
-rw-r--r-- | iptables/nft.h | 1 | ||||
-rw-r--r-- | iptables/xtables-save.c | 8 | ||||
-rw-r--r-- | iptables/xtables.c | 3 |
4 files changed, 14 insertions, 43 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index a73c72bd..7c1e19d6 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2842,49 +2842,16 @@ next:
 return ret;
 }
-static int nft_is_table_compatible(const char *name)
+bool nft_is_table_compatible(struct nft_handle *h, const char *name)
 {
 int i;
 for (i = 0; i < TABLES_MAX; i++) {
- if (strcmp(xtables_ipv4[i].name, name) == 0)
- return 0;
- }
-
- return 1;
-}
-
-static int nft_are_tables_compatible(struct nft_handle *h)
-{
- struct nftnl_table_list *list;
- struct nftnl_table_list_iter *iter;
- struct nftnl_table *table;
- int ret = 0;
-
- list = nftnl_table_list_get(h);
- if (list == NULL)
- return -1;
-
- iter = nftnl_table_list_iter_create(list);
- if (iter == NULL)
- return -1;
-
- table = nftnl_table_list_iter_next(iter);
- while (table != NULL) {
- const char *name = nftnl_table_get(table, NFTNL_TABLE_NAME);
-
- if (nft_is_table_compatible(name) == 0) {
- table = nftnl_table_list_iter_next(iter);
- continue;
- }
-
- ret = 1;
- break;
+ if (strcmp(h->tables[i].name, name) == 0)
+ return true;
 }
- nftnl_table_list_iter_destroy(iter);
- nftnl_table_list_free(list);
- return ret;
+ return false;
 }
 int nft_is_ruleset_compatible(struct nft_handle *h)
@@ -2895,10 +2862,6 @@ int nft_is_ruleset_compatible(struct nft_handle *h)
 struct nftnl_rule *rule;
 int ret = 0;
- ret = nft_are_tables_compatible(h);
- if (ret != 0)
- return ret;
-
 ret = nft_are_chains_compatible(h);
 if (ret != 0)
 return ret;
diff --git a/iptables/nft.h b/iptables/nft.h
index 41265930..310cedec 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -183,5 +183,6 @@ int nft_arp_rule_insert(struct nft_handle *h, const char *chain,
 void nft_rule_to_arpt_entry(struct nftnl_rule *r, struct arpt_entry *fw);
 int nft_is_ruleset_compatible(struct nft_handle *h);
+bool nft_is_table_compatible(struct nft_handle *h, const char *name);
 #endif
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 5b498b04..893b2b93 100644
--- a/iptables/xtables-save.c
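Review bot: The new loop in nft_is_table_compatible() (iptables/nft.c) passes `h->tables[i].name` straight to strcmp() for all TABLES_MAX slots, and unlike the fixed xtables_ipv4 array it replaces, the per-handle array is not shown to have every slot populated. If a family leaves a slot without a name, that strcmp() dereferences NULL, so I would guard it: `if (h->tables[i].name && strcmp(h->tables[i].name, name) == 0)`. The function is now exported and its return sense is inverted from the old static helper (0 meant compatible, `true` does now), so a short comment above it such as `/* true if name matches one of h->tables[] */` would save callers from guessing.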
+++ b/iptables/xtables-save.c
@@ -52,6 +52,11 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 return 0;
 }
+ if (!nft_is_table_compatible(h, tablename)) {
+ printf("# Table `%s' is incompatible, use 'nft' tool.\n", tablename);
+ return 1;
+ }
+
 chain_list = nft_chain_dump(h);
 time_t now = time(NULL);
@@ -160,7 +165,8 @@ xtables_save_main(int family, const char *progname, int argc, char *argv[])
 exit(1);
 }
- if (nft_is_ruleset_compatible(&h) == 1) {
+ ret = nft_is_ruleset_compatible(&h);
+ if (ret) {
 printf("ERROR: You're using nft features that cannot be mapped to iptables, please keep using nft.\n");
 exit(EXIT_FAILURE);
 }
diff --git a/iptables/xtables.c b/iptables/xtables.c
index ac113254..5410952a 100644
--- a/iptables/xtables.c
+++ b/iptables/xtables.c
@@ -1225,7 +1225,8 @@ int do_commandx(struct nft_handle *h, int argc, char *argv[], char **table,
 case CMD_LIST:
 case CMD_LIST|CMD_ZERO:
 case CMD_LIST|CMD_ZERO_NUM:
- if (nft_is_ruleset_compatible(h) == 1) {
+ ret = nft_is_ruleset_compatible(h);
+ if (ret) {
 printf("ERROR: You're using nft features that cannot be mapped to iptables, please keep using nft.\n");
 exit(EXIT_FAILURE);
 } |
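Review bot: The added early return in do_output() reports an unsupported table only as a `#` comment on stdout and returns 1, while the not-found branch directly above returns 0; the hunk does not show what the caller does with either value, so the meaning of 1 should be stated in a comment on the function. The practical effect is that a save now succeeds with a partial ruleset, and anyone who archives or re-applies that output will not see the nft-created tables unless they read the comments. I would also send the notice to stderr with the same text via `fprintf(stderr, ...)` so that it survives filtering of the dump. do_output() begins and ends outside the hunk.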
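Review bot: `if (ret)` in xtables_save_main() now also fires on a negative return from nft_is_ruleset_compatible(), but the branch still prints the "cannot be mapped to iptables" text, so a failure to read the ruleset is reported as an incompatibility. The removed table helper in iptables/nft.c returned -1 when the list could not be fetched, which suggests the remaining checks can do the same, though they are not visible here. Handling it first, `if (ret < 0) { fprintf(stderr, "ERROR: cannot read ruleset\n"); exit(EXIT_FAILURE); }`, keeps the diagnosis accurate; the CMD_LIST case in iptables/xtables.c has the same pattern. The declaration of `ret` is outside both hunks.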