On Thu, Mar 19, 2009 at 03:31:25PM +0100, Jan Engelhardt wrote: >>How about the case where someone calls "iptables-save -t foo"? Should >>that just return an empty string and exit(0), should it attempt module >>load to see if that's even a valid table or something entirely >>different? > > It should load x_tables.ko and the table... I have a suspicion > some unknown users might expect to see "*foo" when using -t. Alright. This patch should make everyone happy, then.. Index: iptables-1.4.1.1/iptables-save.c =================================================================== --- iptables-1.4.1.1.orig/iptables-save.c 2009-03-19 16:03:12.800343689 +0100 +++ iptables-1.4.1.1/iptables-save.c 2009-03-19 16:07:45.095342140 +0100 @@ -28,17 +28,21 @@ {.name = "counters", .has_arg = false, .val = 'c'}, {.name = "dump", .has_arg = false, .val = 'd'}, {.name = "table", .has_arg = true, .val = 't'}, + {.name = "modprobe", .has_arg = true, .val = 'M'}, {NULL}, }; /* Debugging prototype. */ -static int for_each_table(int (*func)(const char *tablename)) +static int for_each_table(int (*func)(const char *tablename, const char *modprobe), const char *modprobe) { int ret = 1; FILE *procfile = NULL; char tablename[IPT_TABLE_MAXNAMELEN+1]; procfile = fopen("/proc/net/ip_tables_names", "r"); + if (!procfile) { + exit(0); + } if (!procfile) exit_error(OTHER_PROBLEM, "Unable to open /proc/net/ip_tables_names: %s\n", @@ -50,22 +54,27 @@ "Badly formed tablename `%s'\n", tablename); tablename[strlen(tablename) - 1] = '\0'; - ret &= func(tablename); + ret &= func(tablename, modprobe); } return ret; } -static int do_output(const char *tablename) +static int do_output(const char *tablename, const char *modprobe) { iptc_handle_t h; const char *chain = NULL; if (!tablename) - return for_each_table(&do_output); + return for_each_table(&do_output, modprobe); h = iptc_init(tablename); + if (!h) { + load_xtables_ko(modprobe, 0); + h = iptc_init(tablename); + } + if (!h) exit_error(OTHER_PROBLEM, "Can't initialize: %s\n", iptc_strerror(errno)); @@ -134,6 +143,7 @@ #endif { const char *tablename = NULL; + const char *modprobe = NULL; int c; program_name = "iptables-save"; @@ -152,8 +162,8 @@ init_extensions(); #endif - while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) { - switch (c) { + while ((c = getopt_long(argc, argv, "bcdt:M:", options, NULL)) != -1) { + switch (c) { case 'b': show_binary = 1; break; @@ -166,8 +176,11 @@ /* Select specific table. */ tablename = optarg; break; + case 'M': + modprobe = optarg; + break; case 'd': - do_output(tablename); + do_output(tablename, modprobe); exit(0); } } @@ -177,5 +190,5 @@ exit(1); } - return !do_output(tablename); + return !do_output(tablename, modprobe); } -- Soren Hansen | Lead Virtualisation Engineer | Ubuntu Server Team Canonical Ltd. | http://www.ubuntu.com/
Attachment:
signature.asc
Description: Digital signature