xtables-save: Fix table compatibility check

The builtin table check guarding the 'is incompatible' warning was
wrong: The idea was to print the warning only for incompatible tables
which are builtin, not for others. Yet the code would print the warning
only for non-builtin ones.

Also reorder the checks: nft_table_builtin_find() is fast and therefore
a quick way to bail for uninteresting tables. The compatibility check is
needed for the remaining tables, only.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 0cf11f998cc77ef83734bf5c2cde512f57ad5a64..811ec6330a4cb882f273affe4db08558d533a050 100644 (file)
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -67,11 +67,12 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters)
 {
        struct nftnl_chain_list *chain_list;
 
+       if (!nft_table_builtin_find(h, tablename))
+               return 0;
 
        if (!nft_is_table_compatible(h, tablename)) {
-               if (!nft_table_builtin_find(h, tablename))
-                       printf("# Table `%s' is incompatible, use 'nft' tool.\n",
-                              tablename);
+               printf("# Table `%s' is incompatible, use 'nft' tool.\n",
+                      tablename);
                return 0;
        }