diff options
| author | Florian Westphal <fw@strlen.de> | 2018-04-12 11:31:42 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2018-05-10 02:31:05 +0200 |
| commit | 651cfee91a8f42336b9d794c838b9f4f480308c9 (patch) | |
| tree | 812b26eb3cb2c212e163bc8f7ca7e53aee3ac411 /iptables/xtables-save.c | |
| parent | 652b98e79371102f8e5edf572a7a5c2aa282c51a (diff) | |
xtables-compat: pass correct table skeleton
This always uses xtables_ipv4 (which is same as _ipv6).
Pass the correct skeleton instead, this is needed to handle ebtables
correctly from xt-translate, as it doesn't use ip/ip6 tables.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/xtables-save.c')
| -rw-r--r-- | iptables/xtables-save.c | 41 |
1 files changed, 30 insertions, 11 deletions
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index e5401daf..1f643593 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -83,6 +83,7 @@ do_output(struct nft_handle *h, const char *tablename, bool counters) static int xtables_save_main(int family, const char *progname, int argc, char *argv[]) { + struct builtin_table *tables; const char *tablename = NULL; bool dump = false; struct nft_handle h = { @@ -99,17 +100,6 @@ xtables_save_main(int family, const char *progname, int argc, char *argv[]) xtables_globals.program_version); exit(1); } -#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) - init_extensions(); - init_extensions4(); -#endif - if (nft_init(&h, xtables_ipv4) < 0) { - fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", - xtables_globals.program_name, - xtables_globals.program_version, - strerror(errno)); - exit(EXIT_FAILURE); - } while ((c = getopt_long(argc, argv, "bcdt:M:f:46", options, NULL)) != -1) { switch (c) { @@ -164,6 +154,35 @@ xtables_save_main(int family, const char *progname, int argc, char *argv[]) exit(1); } + switch (family) { + case NFPROTO_IPV4: + case NFPROTO_IPV6: /* fallthough, same table */ +#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) + init_extensions(); + init_extensions4(); +#endif + tables = xtables_ipv4; + break; + case NFPROTO_ARP: + tables = xtables_arp; + break; + case NFPROTO_BRIDGE: + tables = xtables_bridge; + break; + default: + fprintf(stderr, "Unknown family %d\n", family); + return 1; + } + + if (nft_init(&h, tables) < 0) { + fprintf(stderr, "%s/%s Failed to initialize nft: %s\n", + xtables_globals.program_name, + xtables_globals.program_version, + strerror(errno)); + exit(EXIT_FAILURE); + } + + ret = nft_is_ruleset_compatible(&h); if (ret) { printf("ERROR: You're using nft features that cannot be mapped to iptables, please keep using nft.\n"); |