| Message ID | 20190720163026.15410-6-phil@nwl.cc |
|---|---|
| State | Changes Requested |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | Larger xtables-save review | expand |
diff --git a/iptables/xtables-save.c b/iptables/xtables-save.c index 0cf11f998cc77..811ec6330a4cb 100644 --- a/iptables/xtables-save.c +++ b/iptables/xtables-save.c @@ -67,11 +67,12 @@ __do_output(struct nft_handle *h, const char *tablename, bool counters) { struct nftnl_chain_list *chain_list; + if (!nft_table_builtin_find(h, tablename)) + return 0; if (!nft_is_table_compatible(h, tablename)) { - if (!nft_table_builtin_find(h, tablename)) - printf("# Table `%s' is incompatible, use 'nft' tool.\n", - tablename); + printf("# Table `%s' is incompatible, use 'nft' tool.\n", + tablename); return 0; }
The builtin table check guarding the 'is incompatible' warning was wrong: The idea was to print the warning only for incompatible tables which are builtin, not for others. Yet the code would print the warning only for non-builtin ones. Also reorder the checks: nft_table_builtin_find() is fast and therefore a quick way to bail for uninteresting tables. The compatibility check is needed for the remaining tables, only. Signed-off-by: Phil Sutter <phil@nwl.cc> --- iptables/xtables-save.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)