Resubmitting as per http://marc.info/?l=netfilter-devel&m=123722008913373&w=2 If the iptables modules are not loaded when iptables-save is run, iptables-save will fail, because it can't open the relevant files in /proc. This patch makes iptables-save attempt to load the modules, and then retries. Index: iptables-1.4.1.1/iptables-save.c =================================================================== --- iptables-1.4.1.1.orig/iptables-save.c 2009-03-16 11:19:25.233429856 +0100 +++ iptables-1.4.1.1/iptables-save.c 2009-03-16 12:42:10.200735326 +0100 @@ -28,17 +28,22 @@ {.name = "counters", .has_arg = false, .val = 'c'}, {.name = "dump", .has_arg = false, .val = 'd'}, {.name = "table", .has_arg = true, .val = 't'}, + {.name = "modprobe", .has_arg = true, .val = 'M'}, {NULL}, }; /* Debugging prototype. */ -static int for_each_table(int (*func)(const char *tablename)) +static int for_each_table(int (*func)(const char *tablename), const char *modprobe) { int ret = 1; FILE *procfile = NULL; char tablename[IPT_TABLE_MAXNAMELEN+1]; procfile = fopen("/proc/net/ip_tables_names", "r"); + if (!procfile) { + load_xtables_ko(modprobe, 0); + procfile = fopen("/proc/net/ip_tables_names", "r"); + } if (!procfile) exit_error(OTHER_PROBLEM, "Unable to open /proc/net/ip_tables_names: %s\n", @@ -57,15 +62,20 @@ } -static int do_output(const char *tablename) +static int do_output(const char *tablename, const char *modprobe) { iptc_handle_t h; const char *chain = NULL; if (!tablename) - return for_each_table(&do_output); + return for_each_table(&do_output, modprobe); h = iptc_init(tablename); + if (!h) { + load_xtables_ko(modprobe, 0); + h = iptc_init(tablename); + } + if (!h) exit_error(OTHER_PROBLEM, "Can't initialize: %s\n", iptc_strerror(errno)); @@ -134,6 +144,7 @@ #endif { const char *tablename = NULL; + const char *modprobe = NULL; int c; program_name = "iptables-save"; @@ -152,7 +163,7 @@ init_extensions(); #endif - while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, "bcdt:M:", options, NULL)) != -1) { switch (c) { case 'b': show_binary = 1; @@ -166,8 +177,11 @@ /* Select specific table. */ tablename = optarg; break; + case 'M': + modprobe = optarg; + break; case 'd': - do_output(tablename); + do_output(tablename, modprobe); exit(0); } } @@ -177,5 +191,5 @@ exit(1); } - return !do_output(tablename); + return !do_output(tablename, modprobe); } -- Soren Hansen | Lead Virtualisation Engineer | Ubuntu Server Team Canonical Ltd. | http://www.ubuntu.com/
Attachment:
signature.asc
Description: Digital signature
