[iptables PATCH] xtables-save: Ignore uninteresting tables

When running iptables-nft-save with other tables present, the dump
succeeded but the tool complained about those other tables. In an
environment where iptables-nft and nftables are used in parallel, this
is an expected situation, so only complain about incompatible builtin
tables.

While at it, move the table existence check from __do_output()
into do_output() since the former may be called from
nft_for_each_table() in which case the table is guaranteed to exist.

Also use nft_table_builtin_find() in nft_is_table_compatible() instead
of open-coding the search by name in h->tables.

Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft.c          |  9 +--------
 iptables/xtables-save.c | 14 ++++++++------
 2 files changed, 9 insertions(+), 14 deletions(-)

diff --git a/iptables/nft.c b/iptables/nft.c
index 61bed52548907..48198edf4573c 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3195,14 +3195,7 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename)
 	struct nftnl_rule *rule;
 	int ret = 0, i;
 
-	for (i = 0; i < TABLES_MAX; i++) {
-		if (!h->tables[i].name)
-			continue;
-		if (strcmp(h->tables[i].name, tablename) == 0)
-			break;
-	}
-
-	if (i == TABLES_MAX)
+	if (!nft_table_builtin_find(h, tablename))
 		return false;
 
 	ret = nft_are_chains_compatible(h, tablename);
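
Review bot: in nft_is_table_compatible(), the declaration `int ret = 0, i;` still carries `i`, whose only visible use was the loop removed here. If nothing further down the function uses it, drop it from the declaration so the build does not gain an unused-variable warning. Note also that with `if (!nft_table_builtin_find(h, tablename)) return false;` this function reports every non-builtin table as incompatible, so callers cannot tell "not a builtin table" from "builtin but incompatible" without a second lookup.
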
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 6734c6b315872..53ce4b87febf2 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -49,13 +49,10 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters)
 	struct nftnl_chain_list *chain_list;
 
 
-	if (!nft_table_find(h, tablename)) {
-		printf("Table `%s' does not exist\n", tablename);
-		return 1;
-	}
-
 	if (!nft_is_table_compatible(h, tablename)) {
-		printf("# Table `%s' is incompatible, use 'nft' tool.\n", tablename);
+		if (!nft_table_builtin_find(h, tablename))
+			printf("# Table `%s' is incompatible, use 'nft' tool.\n",
+			       tablename);
 		return 0;
 	}
 
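Review bot: the new inner condition in __do_output() looks inverted relative to the commit message, which says to complain only about incompatible builtin tables. nft_is_table_compatible() returns false whenever nft_table_builtin_find() fails, so `if (!nft_table_builtin_find(h, tablename))` prints the "is incompatible" comment exactly for the non-builtin tables that should be ignored, and stays silent for a builtin table that fails the later compatibility checks. Suggest dropping the negation, or returning 0 early for non-builtin tables before calling nft_is_table_compatible() so the lookup is not done twice.
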
@@ -89,6 +86,11 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
 		return !!ret;
 	}
 
+	if (!nft_table_find(h, tablename)) {
+		printf("Table `%s' does not exist\n", tablename);
+		return 1;
+	}
+
 	ret = __do_output(h, tablename, counters);
 	nft_check_xt_legacy(h->family, true);
 	return ret;
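
Review bot: the relocated existence check in do_output() reports "Table `%s' does not exist" with printf(), so the error text goes to stdout alongside the dump while the function returns 1. Since the block is being moved anyway, consider `fprintf(stderr, ...)` here so a redirected save file never contains the error line; if stdout is intentional, a short comment saying so would help.
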
-- 
2.18.0



