libxtables: Boost rule target checks by announcing chain names

When restoring a ruleset, feed libxtables with chain names from respective lines to avoid an extension search. While the user's intention is clear, this effectively disables the sanity check for clashes with target extensions. But: * The check yielded only a warning and the clashing chain was finally accepted. * Users crafting iptables dumps for feeding into iptables-restore likely know what they're doing. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Florian Westphal <fw@strlen.de>
author: Phil Sutter <phil@nwl.cc> 2022-03-04 12:50:01 +0100
committer: Phil Sutter <phil@nwl.cc> 2022-03-17 09:56:18 +0100
commit: ac4c84cc63d3cc021ca532692885a644fcde4518 (patch)
tree: 9d1eaa5a94948ca1d40041f42290d1f6aec2f7b4 /iptables/iptables-restore.c
parent: f58b0d7406451afbb4b9b6c7888990c964fa7c79 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/iptables/iptables-restore.c b/iptables/iptables-restore.c
index d8f65ce1..4410a587 100644
--- a/iptables/iptables-restore.c
+++ b/iptables/iptables-restore.c
@@ -308,6 +308,7 @@ ip46tables_restore_main(const struct iptables_restore_cb *cb,
 						cb->ops->strerror(errno));
 			}
 
+			xtables_announce_chain(chain);
 			ret = 1;
 
 		} else if (in_table) {
author	Phil Sutter <phil@nwl.cc>	2022-03-04 12:50:01 +0100
committer	Phil Sutter <phil@nwl.cc>	2022-03-17 09:56:18 +0100
commit	ac4c84cc63d3cc021ca532692885a644fcde4518 (patch)
tree	9d1eaa5a94948ca1d40041f42290d1f6aec2f7b4 /iptables/iptables-restore.c
parent	f58b0d7406451afbb4b9b6c7888990c964fa7c79 (diff)