git.ipfire.org Git - thirdparty/iptables.git/commit

author	Florian Westphal <fw@strlen.de>
	Tue, 24 Jul 2018 15:12:24 +0000 (17:12 +0200)
committer	Florian Westphal <fw@strlen.de>
	Tue, 24 Jul 2018 19:29:30 +0000 (21:29 +0200)
commit	f8e29a13fed8de2d1276923638d2d6d9988dd8bb
tree	da01deb1e519c946149ce01da85318cd6b351d11	tree
parent	6ea7579e6fe249e1775e871985be555e22d48778	commit \| diff

xtables: avoid bogus 'is incompatible' warning

when using custom nft tables + iptables-nft, iptables-nft -L
may fail with

iptables v1.8.0 (nf_tables): table `filter' is incompatible, use 'nft' tool.

even if filter table is compatible.

Problem is that the chain cache tracks ALL chains.

The "old" compat-check only walked chains in the table to checked
(filter in this case), now we will see all other
chains including base chains of another table.

It seems better to extend the chain cache long-term to track chains
per table instead, but for now skip the foreign ones.

Reported-by: Eric Garver <e@erig.me>
Fixes: 01e25e264a4c4 ("xtables: add chain cache")
Signed-off-by: Florian Westphal <fw@strlen.de>

iptables/nft.c		diff \| blob \| blame \| history
iptables/tests/shell/testcases/nft-only/0001compat_0	[new file with mode: 0755]	blob