diff options
| author | Phil Sutter <phil@nwl.cc> | 2018-09-10 23:32:34 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-09-18 00:04:43 +0200 |
| commit | 2a68be109c4aac64b4cc9143d0aaa1bb8d77c5d4 (patch) | |
| tree | 23f45e63c077eca9a4c7912bde165b5c0e9186ee | |
| parent | f9efc8cb79c0f2329b3845faaf73b20524ea83ab (diff) | |
xtables-save: Ignore uninteresting tables
When running iptables-nft-save with other tables present, the dump
succeeded but the tool complained about those other tables. In an
environment where iptables-nft and nftables are uses in parallel, this
is an expected situation, so only complain about incompatible builtin
tables.
While being at it, move the table existence check from __do_output()
into do_output() since the former may be called from
nft_for_each_table() in which case the table is guaranteed to exist.
Also use nft_table_builtin_find() in nft_is_table_compatible() instead
of open-coding the search by name in h->tables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | iptables/nft.c | 9 | ||||
| -rw-r--r-- | iptables/xtables-save.c | 14 |
2 files changed, 9 insertions, 14 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 61bed525..48198edf 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -3195,14 +3195,7 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename) struct nftnl_rule *rule; int ret = 0, i; - for (i = 0; i < TABLES_MAX; i++) { - if (!h->tables[i].name) - continue; - if (strcmp(h->tables[i].name, tablename) == 0) - break; - } - - if (i == TABLES_MAX) + if (!nft_table_builtin_find(h, tablename)) return false; ret = nft_are_chains_compatible(h, tablename); diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index 6734c6b3..53ce4b87 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -49,13 +49,10 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters) struct nftnl_chain_list *chain_list; - if (!nft_table_find(h, tablename)) { - printf("Table `%s' does not exist\n", tablename); - return 1; - } - if (!nft_is_table_compatible(h, tablename)) { - printf("# Table `%s' is incompatible, use 'nft' tool.\n", tablename); + if (!nft_table_builtin_find(h, tablename)) + printf("# Table `%s' is incompatible, use 'nft' tool.\n", + tablename); return 0; } @@ -89,6 +86,11 @@ do_output(struct nft_handle *h, const char *tablename, bool counters) return !!ret; } + if (!nft_table_find(h, tablename)) { + printf("Table `%s' does not exist\n", tablename); + return 1; + } + ret = __do_output(h, tablename, counters); nft_check_xt_legacy(h->family, true); return ret; |