summaryrefslogtreecommitdiffstats
path: root/iptables
diff options
context:
space:
mode:
Diffstat (limited to 'iptables')
-rw-r--r--iptables/nft.c32
-rw-r--r--iptables/nft.h5
-rw-r--r--iptables/xtables-save.c2
3 files changed, 29 insertions, 10 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index 7e019d54..12cc423c 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2192,12 +2192,10 @@ int nft_rule_list(struct nft_handle *h, const char *chain, const char *table,
bool found = false;
nft_xt_builtin_init(h, table);
+ nft_assert_table_compatible(h, table, chain);
ops = nft_family_ops_lookup(h->family);
- if (!nft_is_table_compatible(h, table))
- xtables_error(OTHER_PROBLEM, "table `%s' is incompatible, use 'nft' tool.\n", table);
-
list = nft_chain_list_get(h, table, chain);
if (!list)
return 0;
@@ -2295,9 +2293,7 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
int ret = 0;
nft_xt_builtin_init(h, table);
-
- if (!nft_is_table_compatible(h, table))
- xtables_error(OTHER_PROBLEM, "table `%s' is incompatible, use 'nft' tool.\n", table);
+ nft_assert_table_compatible(h, table, chain);
list = nft_chain_list_get(h, table, chain);
if (!list)
@@ -3085,11 +3081,12 @@ static int nft_is_chain_compatible(struct nftnl_chain *c, void *data)
return 0;
}
-bool nft_is_table_compatible(struct nft_handle *h, const char *tablename)
+bool nft_is_table_compatible(struct nft_handle *h,
+ const char *table, const char *chain)
{
struct nftnl_chain_list *clist;
- clist = nft_chain_list_get(h, tablename, NULL);
+ clist = nft_chain_list_get(h, table, chain);
if (clist == NULL)
return false;
@@ -3098,3 +3095,22 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename)
return true;
}
+
+void nft_assert_table_compatible(struct nft_handle *h,
+ const char *table, const char *chain)
+{
+ const char *pfx = "", *sfx = "";
+
+ if (nft_is_table_compatible(h, table, chain))
+ return;
+
+ if (chain) {
+ pfx = "chain `";
+ sfx = "' in ";
+ } else {
+ chain = "";
+ }
+ xtables_error(OTHER_PROBLEM,
+ "%s%s%stable `%s' is incompatible, use 'nft' tool.\n",
+ pfx, chain, sfx, table);
+}
diff --git a/iptables/nft.h b/iptables/nft.h
index 9ae3122a..4b8b3033 100644
--- a/iptables/nft.h
+++ b/iptables/nft.h
@@ -206,7 +206,10 @@ int nft_arp_rule_insert(struct nft_handle *h, const char *chain,
void nft_rule_to_arpt_entry(struct nftnl_rule *r, struct arpt_entry *fw);
-bool nft_is_table_compatible(struct nft_handle *h, const char *name);
+bool nft_is_table_compatible(struct nft_handle *h,
+ const char *table, const char *chain);
+void nft_assert_table_compatible(struct nft_handle *h,
+ const char *table, const char *chain);
int ebt_set_user_chain_policy(struct nft_handle *h, const char *table,
const char *chain, const char *policy);
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index e234425d..44687f99 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -77,7 +77,7 @@ __do_output(struct nft_handle *h, const char *tablename, void *data)
if (!nft_table_builtin_find(h, tablename))
return 0;
- if (!nft_is_table_compatible(h, tablename)) {
+ if (!nft_is_table_compatible(h, tablename, NULL)) {
printf("# Table `%s' is incompatible, use 'nft' tool.\n",
tablename);
return 0;