
[xtables,03/10] xtables-compat: pass correct table skeleton

Message ID 20180509185926.3333-4-fw@strlen.de
State Accepted
Delegated to: Pablo Neira
Series xtables: ebtables fixes | expand

Commit Message

Florian Westphal May 9, 2018, 6:59 p.m. UTC
This always uses xtables_ipv4 (which is same as _ipv6).
Pass the correct skeleton instead; this is needed to handle ebtables
correctly from xt-translate, as it doesn't use ip/ip6 tables.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 iptables/xtables-restore.c   | 41 +++++++++++++++++++++++++++++------------
 iptables/xtables-save.c      | 41 ++++++++++++++++++++++++++++++-----------
 iptables/xtables-translate.c | 18 +++++++++++++++++-
 3 files changed, 76 insertions(+), 24 deletions(-)

Patch

diff --git a/iptables/xtables-restore.c b/iptables/xtables-restore.c
index ac753c43bc91..2ba0565da40d 100644
--- a/iptables/xtables-restore.c
+++ b/iptables/xtables-restore.c
@@ -455,6 +455,7 @@  void xtables_restore_parse(struct nft_handle *h,
 static int
 xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 {
+	struct builtin_table *tables;
 	struct nft_handle h = {
 		.family = family,
 		.restore = true,
@@ -472,18 +473,6 @@  xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 				xtables_globals.program_version);
 		exit(1);
 	}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
-	init_extensions();
-	init_extensions4();
-#endif
-
-	if (nft_init(&h, xtables_ipv4) < 0) {
-		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
-				xtables_globals.program_name,
-				xtables_globals.program_version,
-				strerror(errno));
-		exit(EXIT_FAILURE);
-	}
 
 	while ((c = getopt_long(argc, argv, "bcvVthnM:T:46wW", options, NULL)) != -1) {
 		switch (c) {
@@ -546,6 +535,34 @@  xtables_restore_main(int family, const char *progname, int argc, char *argv[])
 		p.in = stdin;
 	}
 
+	switch (family) {
+	case NFPROTO_IPV4:
+	case NFPROTO_IPV6: /* fallthough, same table */
+		tables = xtables_ipv4;
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+		init_extensions();
+		init_extensions4();
+#endif
+		break;
+	case NFPROTO_ARP:
+		tables = xtables_arp;
+		break;
+	case NFPROTO_BRIDGE:
+		tables = xtables_bridge;
+		break;
+	default:
+		fprintf(stderr, "Unknown family %d\n", family);
+		return 1;
+	}
+
+	if (nft_init(&h, tables) < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+				xtables_globals.program_name,
+				xtables_globals.program_version,
+				strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
 	xtables_restore_parse(&h, &p, &restore_cb, argc, argv);
 
 	nft_fini(&h);
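Review bot: The family-to-table `switch` added here is repeated in the xtables_save_main and xtables_xlate_main_common hunks, and the three copies already differ in statement order and in the spelling of the fallthrough comment (`fallthough` here and in xtables-save.c). A single static helper that takes `family` and returns the `struct builtin_table *`, or NULL for an unknown family, would keep the rejection of unsupported families in one place, so a later family addition cannot be handled in one tool and missed in another. Separately, the `default:` branch uses `return 1` while the nft_init failure just below uses `exit(EXIT_FAILURE)`; if `p.in` was opened from a file earlier in the function (not visible in this hunk), the early return skips whatever cleanup follows. The function body starts and ends outside the hunk.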
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c
index e5401daf7f54..1f643593debf 100644
--- a/iptables/xtables-save.c
+++ b/iptables/xtables-save.c
@@ -83,6 +83,7 @@  do_output(struct nft_handle *h, const char *tablename, bool counters)
 static int
 xtables_save_main(int family, const char *progname, int argc, char *argv[])
 {
+	struct builtin_table *tables;
 	const char *tablename = NULL;
 	bool dump = false;
 	struct nft_handle h = {
@@ -99,17 +100,6 @@  xtables_save_main(int family, const char *progname, int argc, char *argv[])
 				xtables_globals.program_version);
 		exit(1);
 	}
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
-	init_extensions();
-	init_extensions4();
-#endif
-	if (nft_init(&h, xtables_ipv4) < 0) {
-		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
-				xtables_globals.program_name,
-				xtables_globals.program_version,
-				strerror(errno));
-		exit(EXIT_FAILURE);
-	}
 
 	while ((c = getopt_long(argc, argv, "bcdt:M:f:46", options, NULL)) != -1) {
 		switch (c) {
@@ -164,6 +154,35 @@  xtables_save_main(int family, const char *progname, int argc, char *argv[])
 		exit(1);
 	}
 
+	switch (family) {
+	case NFPROTO_IPV4:
+	case NFPROTO_IPV6: /* fallthough, same table */
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+		init_extensions();
+		init_extensions4();
+#endif
+		tables = xtables_ipv4;
+		break;
+	case NFPROTO_ARP:
+		tables = xtables_arp;
+		break;
+	case NFPROTO_BRIDGE:
+		tables = xtables_bridge;
+		break;
+	default:
+		fprintf(stderr, "Unknown family %d\n", family);
+		return 1;
+	}
+
+	if (nft_init(&h, tables) < 0) {
+		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
+				xtables_globals.program_name,
+				xtables_globals.program_version,
+				strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+
 	ret = nft_is_ruleset_compatible(&h);
 	if (ret) {
 		printf("ERROR: You're using nft features that cannot be mapped to iptables, please keep using nft.\n");
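Review bot: Under `ALL_INCLUSIVE`/`NO_SHARED_LIBS` the `NFPROTO_IPV6` case registers only `init_extensions4()`, and the ARP and bridge cases register no extensions at all, so a static build may be unable to resolve family-specific matches when dumping those rulesets. This carries over from the removed code, but now that the family is explicit the gap is worth either closing or documenting, e.g. `/* static builds: only the generic and IPv4 extension sets are registered */` above the `#if`. The same applies to the switch in xtables_restore_main and xtables_xlate_main_common. The added block also ends with two blank lines before `ret = nft_is_ruleset_compatible(&h);`; one is enough. xtables_save_main continues outside the hunk.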
diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c
index 78cc60e83def..b08ac354dd73 100644
--- a/iptables/xtables-translate.c
+++ b/iptables/xtables-translate.c
@@ -424,6 +424,7 @@  static int xtables_xlate_main_common(struct nft_handle *h,
 				     int family,
 				     const char *progname)
 {
+	struct builtin_table *tables;
 	int ret;
 
 	xtables_globals.program_name = progname;
@@ -435,12 +436,27 @@  static int xtables_xlate_main_common(struct nft_handle *h,
 			xtables_globals.program_version);
 		return 1;
 	}
+	switch (family) {
+	case NFPROTO_IPV4:
+	case NFPROTO_IPV6: /* fallthrough: same table */
 #if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
 	init_extensions();
 	init_extensions4();
 #endif
+		tables = xtables_ipv4;
+		break;
+	case NFPROTO_ARP:
+		tables = xtables_arp;
+		break;
+	case NFPROTO_BRIDGE:
+		tables = xtables_bridge;
+		break;
+	default:
+		fprintf(stderr, "Unknown family %d\n", family);
+		return 1;
+	}
 
-	if (nft_init(h, xtables_ipv4) < 0) {
+	if (nft_init(h, tables) < 0) {
 		fprintf(stderr, "%s/%s Failed to initialize nft: %s\n",
 				xtables_globals.program_name,
 				xtables_globals.program_version,
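Review bot: The two `init_extensions*()` calls inside the new `case NFPROTO_IPV6:` body keep their old one-tab indent, so they read as if they sat outside the `switch`, whereas xtables-restore.c and xtables-save.c indent them to case-body level. Indenting them one level deeper, as in `		init_extensions();` and `		init_extensions4();`, makes it visible at a glance that only the IPv4/IPv6 case runs them. The function body starts before and continues after this hunk.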