diff options
author | Phil Sutter <phil@nwl.cc> | 2018-09-10 23:32:34 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-09-18 00:04:43 +0200 |
commit | 2a68be109c4aac64b4cc9143d0aaa1bb8d77c5d4 (patch) | |
tree | 23f45e63c077eca9a4c7912bde165b5c0e9186ee /iptables/nft.c | |
parent | f9efc8cb79c0f2329b3845faaf73b20524ea83ab (diff) |
xtables-save: Ignore uninteresting tables
When running iptables-nft-save with other tables present, the dump
succeeded but the tool complained about those other tables. In an
environment where iptables-nft and nftables are uses in parallel, this
is an expected situation, so only complain about incompatible builtin
tables.
While being at it, move the table existence check from __do_output()
into do_output() since the former may be called from
nft_for_each_table() in which case the table is guaranteed to exist.
Also use nft_table_builtin_find() in nft_is_table_compatible() instead
of open-coding the search by name in h->tables.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'iptables/nft.c')
-rw-r--r-- | iptables/nft.c | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/iptables/nft.c b/iptables/nft.c index 61bed525..48198edf 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -3195,14 +3195,7 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename) struct nftnl_rule *rule; int ret = 0, i; - for (i = 0; i < TABLES_MAX; i++) { - if (!h->tables[i].name) - continue; - if (strcmp(h->tables[i].name, tablename) == 0) - break; - } - - if (i == TABLES_MAX) + if (!nft_table_builtin_find(h, tablename)) return false; ret = nft_are_chains_compatible(h, tablename); |