From: Phil Sutter <phil@nwl.cc>
Date: Mon, 22 Jul 2019 10:16:21 +0000 (+0200)
Subject: xtables-save: Fix table compatibility check
X-Git-Tag: v1.8.4~95
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9449b90ec24cd71c4fe4212ed4970074e54dfa8a;p=thirdparty%2Fiptables.git

xtables-save: Fix table compatibility check

The builtin table check guarding the 'is incompatible' warning was
wrong: The idea was to print the warning only for incompatible tables
which are builtin, not for others. Yet the code would print the warning
only for non-builtin ones.

Also reorder the checks: nft_table_builtin_find() is fast and therefore
a quick way to bail for uninteresting tables. The compatibility check is
needed for the remaining tables, only.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index 0cf11f99..811ec633 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -67,11 +67,12 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters)
 {
 	struct nftnl_chain_list *chain_list;
 
+	if (!nft_table_builtin_find(h, tablename))
+		return 0;
 
 	if (!nft_is_table_compatible(h, tablename)) {
-		if (!nft_table_builtin_find(h, tablename))
-			printf("# Table `%s' is incompatible, use 'nft' tool.\n",
-			       tablename);
+		printf("# Table `%s' is incompatible, use 'nft' tool.\n",
+		       tablename);
 		return 0;
 	}