diff options
author | Phil Sutter <phil@nwl.cc> | 2019-07-22 12:16:21 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-23 21:14:40 +0200 |
commit | 9449b90ec24cd71c4fe4212ed4970074e54dfa8a (patch) | |
tree | 7d35800da9e67bb24ea1cecf3a9e7e9f3cce3cff | |
parent | 8efec49e8684e8102cb69dc19c5ba07270b0f435 (diff) | |
download | platform_external_iptables-9449b90ec24cd71c4fe4212ed4970074e54dfa8a.tar.gz platform_external_iptables-9449b90ec24cd71c4fe4212ed4970074e54dfa8a.tar.bz2 platform_external_iptables-9449b90ec24cd71c4fe4212ed4970074e54dfa8a.zip |
xtables-save: Fix table compatibility check
The builtin table check guarding the 'is incompatible' warning was
wrong: The idea was to print the warning only for incompatible tables
which are builtin, not for others. Yet the code would print the warning
only for non-builtin ones.
Also reorder the checks: nft_table_builtin_find() is fast and therefore
a quick way to bail for uninteresting tables. The compatibility check is
needed for the remaining tables, only.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | iptables/xtables-save.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index 0cf11f99..811ec633 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -67,11 +67,12 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters) { struct nftnl_chain_list *chain_list; + if (!nft_table_builtin_find(h, tablename)) + return 0; if (!nft_is_table_compatible(h, tablename)) { - if (!nft_table_builtin_find(h, tablename)) - printf("# Table `%s' is incompatible, use 'nft' tool.\n", - tablename); + printf("# Table `%s' is incompatible, use 'nft' tool.\n", + tablename); return 0; } |