From 2a68be109c4aac64b4cc9143d0aaa1bb8d77c5d4 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Mon, 10 Sep 2018 23:32:34 +0200
Subject: xtables-save: Ignore uninteresting tables

When running iptables-nft-save with other tables present, the dump succeeded but the tool complained about those other tables. In an environment where iptables-nft and nftables are uses in parallel, this is an expected situation, so only complain about incompatible builtin tables. While being at it, move the table existence check from __do_output() into do_output() since the former may be called from nft_for_each_table() in which case the table is guaranteed to exist. Also use nft_table_builtin_find() in nft_is_table_compatible() instead of open-coding the search by name in h->tables.

Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 iptables/nft.c | 9 +--------
 iptables/xtables-save.c | 14 ++++++++------
 2 files changed, 9 insertions(+), 14 deletions(-)
(limited to 'iptables')
diff --git a/iptables/nft.c b/iptables/nft.c
index 61bed525..48198edf 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3195,14 +3195,7 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename)
 struct nftnl_rule *rule;
 int ret = 0, i;
- for (i = 0; i < TABLES_MAX; i++) {
- if (!h->tables[i].name)
- continue;
- if (strcmp(h->tables[i].name, tablename) == 0)
- break;
- }
-
- if (i == TABLES_MAX)
+ if (!nft_table_builtin_find(h, tablename))
 return false;
 ret = nft_are_chains_compatible(h, tablename);
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 6734c6b3..53ce4b87 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
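Review bot: In the iptables/nft.c hunk, the removed loop skipped entries whose `h->tables[i].name` is NULL before calling `strcmp`, and the replacement `if (!nft_table_builtin_find(h, tablename))` now depends on the helper doing the same; its body is not part of this hunk, so confirm it keeps that NULL guard. The context line `int ret = 0, i;` still declares `i`, which this hunk no longer uses; if nothing further down the function uses it, reduce the declaration to `int ret = 0;` to avoid an unused-variable warning. The body of nft_is_table_compatible() starts and ends outside the hunk.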
@@ -49,13 +49,10 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters)
 struct nftnl_chain_list *chain_list;
- if (!nft_table_find(h, tablename)) {
- printf("Table `%s' does not exist\n", tablename);
- return 1;
- }
-
 if (!nft_is_table_compatible(h, tablename)) {
- printf("# Table `%s' is incompatible, use 'nft' tool.\n", tablename);
+ if (!nft_table_builtin_find(h, tablename))
+ printf("# Table `%s' is incompatible, use 'nft' tool.\n",
+ tablename);
 return 0;
 }
@@ -89,6 +86,11 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 return !!ret;
 }
+ if (!nft_table_find(h, tablename)) {
+ printf("Table `%s' does not exist\n", tablename);
+ return 1;
+ }
+
 ret = __do_output(h, tablename, counters);
 nft_check_xt_legacy(h->family, true);
 return ret;
-- 
cgit v1.2.3
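Review bot: In __do_output() the added test `if (!nft_table_builtin_find(h, tablename))` looks inverted relative to the commit message, which says to complain only about incompatible builtin tables. As written, the "is incompatible" comment is printed for non-builtin tables (the ones meant to be ignored) and suppressed for an incompatible builtin table, so the dump skips that table via `return 0` and anyone auditing or restoring from the output gets no hint that rules are missing. The condition should read `if (nft_table_builtin_find(h, tablename))`. The function body starts and continues outside the hunk.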
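Review bot: The existence check added to do_output() reports a missing table with `printf`, so the message goes to stdout without the `# ` prefix that the incompatible-table message in __do_output() carries. If stdout is the saved ruleset (redirected to a file or piped into a restore), that line ends up in the dump as a non-comment line; switching the call to `fprintf(stderr, ...)` with the same format string and argument keeps the dump clean while `return 1` still signals the failure. do_output() starts and ends outside the hunk.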