This allows xtables-compat to list all builtin tables unless one contains nft specific expressions. Tables that do not exist in xtables world are not printed anymore (but a small hint is shown that such non-printable table(s) exist).
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 iptables/nft.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/iptables/nft.c b/iptables/nft.c
index 7c1e19d60c07..b3d9646d5d7c 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2827,7 +2827,10 @@ static int nft_are_chains_compatible(struct nft_handle *h)
 chain = nftnl_chain_list_iter_next(iter);
 while (chain != NULL) {
- if (!nft_chain_builtin(chain))
+ const char *table = nftnl_chain_get(chain, NFTNL_CHAIN_TABLE);
+
+ if (!nft_chain_builtin(chain) ||
+ !nft_is_table_compatible(h, table))
 goto next;
 ret = nft_is_chain_compatible(h, chain);
@@ -2876,10 +2879,14 @@ int nft_is_ruleset_compatible(struct nft_handle *h)
 rule = nftnl_rule_list_iter_next(iter);
 while (rule != NULL) {
+ if (!nft_is_table_compatible(h,
+ nftnl_rule_get_str(rule, NFTA_RULE_TABLE)))
+ goto next;
+
 ret = nft_is_rule_compatible(rule);
 if (ret != 0)
 break;
-
+next:
 rule = nftnl_rule_list_iter_next(iter);
 }
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
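Review bot: In the chain loop of nft_are_chains_compatible(), the new `table` pointer comes from the untyped `nftnl_chain_get(chain, NFTNL_CHAIN_TABLE)` and is handed to nft_is_table_compatible() without a NULL check. The getter returns NULL when the attribute is not set on the chain object, and the helper is not visible in this hunk, so it cannot be confirmed here that it tolerates NULL; if it compares names, an attribute-less chain would be dereferenced. I would use the typed getter and skip such chains explicitly: `const char *table = nftnl_chain_get_str(chain, NFTNL_CHAIN_TABLE);` and `if (!table || !nft_chain_builtin(chain) || !nft_is_table_compatible(h, table))`. The function body starts and ends outside the hunk.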
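Review bot: The rule loop in nft_is_ruleset_compatible() passes `NFTA_RULE_TABLE`, a netlink attribute constant, to `nftnl_rule_get_str()`, which is keyed by libnftnl's own attribute ids; the chain loop in the same patch uses the libnftnl name (`NFTNL_CHAIN_TABLE`). The two enums appear to have the same numeric value for the table attribute, so this most likely behaves as intended, but only by coincidence. If the values ever diverged, the filter would read a different field and skip or keep the wrong rules in a compatibility decision. I would write `nftnl_rule_get_str(rule, NFTNL_RULE_TABLE)`, and a short comment above the check such as `/* rules in tables xtables cannot show are skipped, not treated as incompatible */` would document why `goto next` is taken. The function body starts and ends outside the hunk.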