xtables-save: Ignore uninteresting tables

When running iptables-nft-save with other tables present, the dump
succeeded but the tool complained about those other tables. In an
environment where iptables-nft and nftables are uses in parallel, this
is an expected situation, so only complain about incompatible builtin
tables.

While being at it, move the table existence check from __do_output()
into do_output() since the former may be called from
nft_for_each_table() in which case the table is guaranteed to exist.

Also use nft_table_builtin_find() in nft_is_table_compatible() instead
of open-coding the search by name in h->tables.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/nft.c b/iptables/nft.c
index 61bed525489072e7e937cac492f110a324b9d686..48198edf4573c867d6aedfeb6572089aa2d39c4a 100644 (file)
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -3195,14 +3195,7 @@ bool nft_is_table_compatible(struct nft_handle *h, const char *tablename)
        struct nftnl_rule *rule;
        int ret = 0, i;
 
-       for (i = 0; i < TABLES_MAX; i++) {
-               if (!h->tables[i].name)
-                       continue;
-               if (strcmp(h->tables[i].name, tablename) == 0)
-                       break;
-       }
-
-       if (i == TABLES_MAX)
+       if (!nft_table_builtin_find(h, tablename))
                return false;
 
        ret = nft_are_chains_compatible(h, tablename);

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 6734c6b315872d62b37563384ab78c60fc6a8e80..53ce4b87febf2d9e55362952752ad05455195669 100644 (file)
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -49,13 +49,10 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters)
        struct nftnl_chain_list *chain_list;
 
 
-       if (!nft_table_find(h, tablename)) {
-               printf("Table `%s' does not exist\n", tablename);
-               return 1;
-       }
-
        if (!nft_is_table_compatible(h, tablename)) {
-               printf("# Table `%s' is incompatible, use 'nft' tool.\n", tablename);
+               if (!nft_table_builtin_find(h, tablename))
+                       printf("# Table `%s' is incompatible, use 'nft' tool.\n",
+                              tablename);
                return 0;
        }
 
@@ -89,6 +86,11 @@ do_output(struct nft_handle *h, const char *tablename, bool counters)
                return !!ret;
        }
 
+       if (!nft_table_find(h, tablename)) {
+               printf("Table `%s' does not exist\n", tablename);
+               return 1;
+       }
+
        ret = __do_output(h, tablename, counters);
        nft_check_xt_legacy(h->family, true);
        return ret;