From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 17 Jul 2013 13:04:19 +0000 (+0200)
Subject: nft: fix selective chain display via -S
X-Git-Tag: v1.6.0~111^2~76
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8dd2627afc462a2591c2f621743cae1a6b98d771;p=thirdparty%2Fiptables.git

nft: fix selective chain display via -S

Before:

% xtables -S INPUT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -j ACCEPT

After:

$ xtables -S INPUT
-P INPUT ACCEPT
-A INPUT -p tcp -j ACCEPT

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/iptables/nft.c b/iptables/nft.c
index 2b9598b9..d98b4538 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -2526,8 +2526,9 @@ list_save(const struct iptables_command_state *cs, struct nft_rule *r,
 }
 
 static int
-nft_rule_list_chain_save(struct nft_handle *h, const char *table,
-			 struct nft_chain_list *list, int counters)
+nft_rule_list_chain_save(struct nft_handle *h, const char *chain,
+			 const char *table, struct nft_chain_list *list,
+			 int counters)
 {
 	struct nft_chain_list_iter *iter;
 	struct nft_chain *c;
@@ -2545,7 +2546,8 @@ nft_rule_list_chain_save(struct nft_handle *h, const char *table,
 		uint32_t policy =
 			nft_chain_attr_get_u32(c, NFT_CHAIN_ATTR_POLICY);
 
-		if (strcmp(table, chain_table) != 0)
+		if (strcmp(table, chain_table) != 0 ||
+		    (chain && strcmp(chain, chain_name) != 0))
 			goto next;
 
 		/* this is a base chain */
@@ -2582,7 +2584,7 @@ int nft_rule_list_save(struct nft_handle *h, const char *chain,
 
 	/* Dump policies and custom chains first */
 	if (!rulenum)
-		nft_rule_list_chain_save(h, table, list, counters);
+		nft_rule_list_chain_save(h, chain, table, list, counters);
 
 	/* Now dump out rules in this table */
 	iter = nft_chain_list_iter_create(list);