Diffstat (limited to 'iptables/xtables-save.c')
-rw-r--r--iptables/xtables-save.c31
1 files changed, 15 insertions, 16 deletions
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 92b0c911..5a82cac5 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -68,7 +68,6 @@ struct do_output_data {
static int
__do_output(struct nft_handle *h, const char *tablename, void *data)
{
- struct nftnl_chain_list *chain_list;
struct do_output_data *d = data;
time_t now;
@@ -79,12 +78,11 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
printf("# Table `%s' is incompatible, use 'nft' tool.\n",
tablename);
return 0;
+ } else if (nft_is_table_tainted(h, tablename)) {
+ printf("# Table `%s' contains incompatible base-chains, use 'nft' tool to list them.\n",
+ tablename);
}
- chain_list = nft_chain_list_get(h, tablename, NULL);
- if (!chain_list)
- return 0;
-
now = time(NULL);
printf("# Generated by %s v%s on %s", prog_name,
prog_vers, ctime(&now));
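Review bot: The new `nft_is_table_tainted()` branch only prints a `#` comment to stdout and then continues with the dump, so the saved output presumably omits the incompatible base-chains while otherwise looking like a complete ruleset. Restoring such a file would load a filter set that differs from the one active in the kernel, and nothing in the visible lines changes the return value to signal this. I would record the intent at the branch with a comment such as `/* tainted: dump continues, base-chains created via nft are not part of the output */`, and consider repeating the warning on stderr so it is still seen when stdout is redirected to a file. `__do_output` starts and ends outside this hunk.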
@@ -92,7 +90,8 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
printf("*%s\n", tablename);
/* Dump out chain names first,
* thereby preventing dependency conflicts */
- nftnl_chain_list_foreach(chain_list, nft_chain_save, h);
+ nft_cache_sort_chains(h, tablename);
+ nft_chain_foreach(h, tablename, nft_chain_save, h);
nft_rule_save(h, tablename, d->format);
if (d->commit)
printf("COMMIT\n");
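Review bot: The results of `nft_cache_sort_chains()` and `nft_chain_foreach()` are discarded, whereas the removed code at least returned early when `nft_chain_list_get()` yielded NULL. Their prototypes are not visible here, but if either can fail, the function still prints the rules and `COMMIT`, producing a dump that looks complete yet lacks chain declarations. Assuming they report failure with a negative value, a guard like `if (nft_cache_sort_chains(h, tablename) < 0) return 0;` before the foreach would restore the old behaviour; otherwise a comment saying why failure can be ignored would help. The same applies to the unchecked `nft_xt_fake_builtin_chains(&h, tablename, NULL)` call in the last hunk. The function body extends beyond this hunk.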
@@ -132,7 +131,6 @@ static int
xtables_save_main(int family, int argc, char *argv[],
const char *optstring, const struct option *longopts)
{
- const struct builtin_table *tables;
const char *tablename = NULL;
struct do_output_data d = {
.format = FMT_NOCOUNTS,
@@ -186,7 +184,7 @@ xtables_save_main(int family, int argc, char *argv[],
dump = true;
break;
case 'V':
- printf("%s v%s (nf_tables)\n", prog_name, prog_vers);
+ printf("%s v%s\n", prog_name, prog_vers);
exit(0);
default:
fprintf(stderr,
@@ -201,18 +199,18 @@ xtables_save_main(int family, int argc, char *argv[],
exit(1);
}
+ init_extensions();
switch (family) {
case NFPROTO_IPV4:
- case NFPROTO_IPV6: /* fallthough, same table */
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
- init_extensions();
init_extensions4();
-#endif
- tables = xtables_ipv4;
+ d.commit = true;
+ break;
+ case NFPROTO_IPV6:
+ init_extensions6();
d.commit = true;
break;
case NFPROTO_ARP:
- tables = xtables_arp;
+ init_extensionsa();
break;
case NFPROTO_BRIDGE: {
const char *ctr = getenv("EBTABLES_SAVE_COUNTER");
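Review bot: `init_extensions()` and the per-family `init_extensions4()`, `init_extensions6()` and `init_extensionsa()` calls are now compiled unconditionally, where the old code guarded them with `#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)`; the next hunk does the same with `init_extensionsb()`. Whether these symbols are defined in a build with neither macro set is not visible from this diff, so that configuration should be confirmed to still link. IPv6 also now calls `init_extensions6()` instead of falling through to the IPv4 initialiser, which deserves a line in the commit message because it changes which extensions are registered for ip6tables-save. A one-line comment above `init_extensions();` stating what the call does in shared builds would document the assumption. `xtables_save_main` starts and ends outside this hunk.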
@@ -223,7 +221,7 @@ xtables_save_main(int family, int argc, char *argv[],
d.format &= ~FMT_NOCOUNTS;
d.format |= FMT_C_COUNTS | FMT_EBT_SAVE;
}
- tables = xtables_bridge;
+ init_extensionsb();
break;
}
default:
@@ -231,7 +229,7 @@ xtables_save_main(int family, int argc, char *argv[],
return 1;
}
- if (nft_init(&h, family, tables) < 0) {
+ if (nft_init(&h, family) < 0) {
fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
xtables_globals.program_name,
xtables_globals.program_version,
@@ -241,6 +239,7 @@ xtables_save_main(int family, int argc, char *argv[],
nft_cache_level_set(&h, NFT_CL_RULES, NULL);
nft_cache_build(&h);
+ nft_xt_fake_builtin_chains(&h, tablename, NULL);
ret = do_output(&h, tablename, &d);
nft_fini(&h);