author | Florian Westphal <fw@strlen.de> | 2018-06-19 12:02:24 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-06-25 11:50:51 +0200 |
commit | 20eac2ad174e43a3d4a4275c3d44f99c12bd04b9 (patch) | |
tree | f6f38ec4b33f55394d7930532bdcde7feb3cbed8 /iptables/nft-shared.c | |
parent | c9f5e18d72d3a010e9a53024290f9f4802ada9fd (diff) |
xtables: warn in case old-style (set/getsockopt) tables exist
Provide a hint that iptables isn't showing all rules because
it's using nfnetlink rather than the old set/getsockopt.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-shared.c')
-rw-r--r-- | iptables/nft-shared.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index b89a3e7b..ed0d0ee9 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -904,3 +904,32 @@ bool nft_ipv46_rule_find(struct nft_family_ops *ops,
 return true;
 }
+
+void nft_check_xt_legacy(int family, bool is_ipt_save)
+{
+ static const char tables6[] = "/proc/net/ip6_tables_names";
+ static const char tables4[] = "/proc/net/ip_tables_names";
+ const char *prefix = "ip";
+ FILE *fp = NULL;
+ char buf[1024];
+
+ switch (family) {
+ case NFPROTO_IPV4:
+ fp = fopen(tables4, "r");
+ break;
+ case NFPROTO_IPV6:
+ fp = fopen(tables6, "r");
+ prefix = "ip6";
+ break;
+ default:
+ break;
+ }
+
+ if (!fp)
+ return;
+
+ if (fgets(buf, sizeof(buf), fp))
+ fprintf(stderr, "# Warning: %stables-legacy tables present, use %stables-legacy%s to see them\n",
+ prefix, prefix, is_ipt_save ? "-save" : "");
+ fclose(fp);
+} |
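Review bot: nft_check_xt_legacy() has no comment saying that it is best-effort, and it returns silently both on the `if (!fp) return;` path and in the `default:` case of the switch, so the absence of the warning does not show that no legacy tables exist. The proc file may simply not be openable in the calling context, and only NFPROTO_IPV4 and NFPROTO_IPV6 are ever checked. Since this hint is the only signal to an operator that the listed ruleset may be incomplete, I would document that limit above the function: `/* Best-effort hint: warn on stderr if the legacy ip/ip6 tables_names proc file is non-empty; silent if it cannot be opened or for any other family. */`. A short comment on the `fgets()` line would also help, noting that `buf` is read only to test that the file has at least one entry and its contents are never used.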