From: Phil Sutter
Date: Tue, 14 Aug 2018 18:28:03 +0000 (+0200)
Subject: xtables: Fix for no output in iptables-nft -S
X-Git-Tag: v1.8.1~72
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d9a13dda3d77f750ee755aa0909519240380251;p=thirdparty%2Fiptables.git

xtables: Fix for no output in iptables-nft -S

Just like with 'iptables-nft -L', we have to make sure the standard set of chains exist for a given table when listing it using '-S' flag. The added code was just copied over from nft_rule_list() which does the same.

Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
diff --git a/iptables/nft.c b/iptables/nft.c index 8c0746dd..8a84998b 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2441,6 +2441,23 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain, struct nftnl_chain *c; int ret = 1; + /* If built-in chains don't exist for this table, create them */ + if (nft_xtables_config_load(h, XTABLES_CONFIG_DEFAULT, 0) < 0) { + nft_xt_builtin_init(h, table); + /* Force table and chain creation, otherwise first iptables -L + * lists no table/chains. + */ + if (!list_empty(&h->obj_list)) { + nft_commit(h); + flush_chain_cache(h, NULL); + } + } + + if (!nft_is_table_compatible(h, table)) { + xtables_error(OTHER_PROBLEM, "table `%s' is incompatible, use 'nft' tool.\n", table); + return 0; + } + list = nft_chain_dump(h); /* Dump policies and custom chains first */
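Review bot: In the block added at the top of nft_rule_list_save(), the result of nft_commit(h) is discarded, so if committing the built-in chains fails the function still goes on to nft_chain_dump(h) and lists as though nothing went wrong; check the return value there and bail out with an error. The comment above it still reads "otherwise first iptables -L lists no table/chains" although this is the -S path, so it should be reworded for this function. Since the commit message says the block was copied from nft_rule_list(), moving it into one shared helper called from both functions would keep the two listing paths from drifting apart. It would also help to state in the commit message or a comment that a listing command now commits table and chain creation as a side effect, which matters to anyone who expects -S to be read-only.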