On Thursday 2009-03-19 16:43, Soren Hansen wrote:
>On Thu, Mar 19, 2009 at 03:31:25PM +0100, Jan Engelhardt wrote:
>>>How about the case where someone calls "iptables-save -t foo"? Should
>>>that just return an empty string and exit(0), should it attempt module
>>>load to see if that's even a valid table or something entirely
>>>different?
>>
>> It should load x_tables.ko and the table... I have a suspicion
>> some unknown users might expect to see "*foo" when using -t.
>
>Alright. This patch should make everyone happy, then..
>
>Index: iptables-1.4.1.1/iptables-save.c
The one who has to merge it - not.
Here is a reworked version that also adds the missing IPv6
and manpage bits, pullable from the usual place at
git://dev.medozas.de/iptables master
---8<---
iptables-save: module loading corrections
1. Ignore the absence of /proc/net/ip_tables_names, which happens
when x_tables.ko is not loaded. This is equivalent to having
x_tables.ko, but no tabe modules, loaded. As such, success should
be returned.
2. Load table when explicitly requested by the -t option. Users might
expect "*foo" etc. to be output when `iptables-save -t foo` is
executed. So do autoload x_tables.ko and the table in this case.
*. Do this for both iptables-save and ip6tables-save, and adjust
the manpages for the new -M (modprobe program location) option that
is introduced.
Based upon a patch by Soren Hansen.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxx>
---
ip6tables-save.8 | 6 +++++-
ip6tables-save.c | 12 +++++++++---
iptables-save.8 | 6 +++++-
iptables-save.c | 12 +++++++++---
4 files changed, 28 insertions(+), 8 deletions(-)
diff --git a/ip6tables-save.8 b/ip6tables-save.8
index c8b3e96..47eb44a 100644
--- a/ip6tables-save.8
+++ b/ip6tables-save.8
@@ -21,7 +21,7 @@
.SH NAME
ip6tables-save \- Save IPv6 Tables
.SH SYNOPSIS
-.BR "ip6tables-save " "[-c] [-t table]"
+.BR "ip6tables-save " "[-M modprobe] [-c] [-t table]"
.br
.SH DESCRIPTION
.PP
@@ -29,6 +29,10 @@ ip6tables-save \- Save IPv6 Tables
is used to dump the contents of an IPv6 Table in easily parseable format
to STDOUT. Use I/O-redirection provided by your shell to write to a file.
.TP
+\fB\-M\fP \fImodprobe_program\fP
+Specify the path to the modprobe program. By default, iptables-save will
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
+.TP
\fB\-c\fR, \fB\-\-counters\fR
include the current values of all packet and byte counters in the output
.TP
diff --git a/ip6tables-save.c b/ip6tables-save.c
index 55010c4..97205c1 100644
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -29,6 +29,7 @@ static const struct option options[] = {
{.name = "counters", .has_arg = false, .val = 'c'},
{.name = "dump", .has_arg = false, .val = 'd'},
{.name = "table", .has_arg = true, .val = 't'},
+ {.name = "modprobe", .has_arg = true, .val = 'M'},
{NULL},
};
@@ -42,9 +43,7 @@ static int for_each_table(int (*func)(const char *tablename))
procfile = fopen("/proc/net/ip6_tables_names", "r");
if (!procfile)
- xtables_error(OTHER_PROBLEM,
- "Unable to open /proc/net/ip6_tables_names: %s\n",
- strerror(errno));
+ return ret;
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
@@ -68,6 +67,10 @@ static int do_output(const char *tablename)
return for_each_table(&do_output);
h = ip6tc_init(tablename);
+ if (h == NULL) {
+ xtables_load_ko(xtables_modprobe_program, false);
+ h = ip6tc_init(tablename);
+ }
if (!h)
xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
ip6tc_strerror(errno));
@@ -162,6 +165,9 @@ int main(int argc, char *argv[])
/* Select specific table. */
tablename = optarg;
break;
+ case 'M':
+ xtables_modprobe_program = optarg;
+ break;
case 'd':
do_output(tablename);
exit(0);
diff --git a/iptables-save.8 b/iptables-save.8
index f9c7d65..de5fd48 100644
--- a/iptables-save.8
+++ b/iptables-save.8
@@ -21,7 +21,7 @@
.SH NAME
iptables-save \- Save IP Tables
.SH SYNOPSIS
-.BR "iptables-save " "[-c] [-t table]"
+.BR "iptables-save " "[-M modprobe] [-c] [-t table]"
.br
.SH DESCRIPTION
.PP
@@ -29,6 +29,10 @@ iptables-save \- Save IP Tables
is used to dump the contents of an IP Table in easily parseable format
to STDOUT. Use I/O-redirection provided by your shell to write to a file.
.TP
+\fB\-M\fP \fImodprobe_program\fP
+Specify the path to the modprobe program. By default, iptables-save will
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
+.TP
\fB\-c\fR, \fB\-\-counters\fR
include the current values of all packet and byte counters in the output
.TP
diff --git a/iptables-save.c b/iptables-save.c
index 55cfe6a..6000b49 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -28,6 +28,7 @@ static const struct option options[] = {
{.name = "counters", .has_arg = false, .val = 'c'},
{.name = "dump", .has_arg = false, .val = 'd'},
{.name = "table", .has_arg = true, .val = 't'},
+ {.name = "modprobe", .has_arg = true, .val = 'M'},
{NULL},
};
@@ -40,9 +41,7 @@ static int for_each_table(int (*func)(const char *tablename))
procfile = fopen("/proc/net/ip_tables_names", "r");
if (!procfile)
- xtables_error(OTHER_PROBLEM,
- "Unable to open /proc/net/ip_tables_names: %s\n",
- strerror(errno));
+ return ret;
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
@@ -66,6 +65,10 @@ static int do_output(const char *tablename)
return for_each_table(&do_output);
h = iptc_init(tablename);
+ if (h == NULL) {
+ xtables_load_ko(xtables_modprobe_program, false);
+ h = iptc_init(tablename);
+ }
if (!h)
xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
iptc_strerror(errno));
@@ -162,6 +165,9 @@ main(int argc, char *argv[])
/* Select specific table. */
tablename = optarg;
break;
+ case 'M':
+ xtables_modprobe_program = optarg;
+ break;
case 'd':
do_output(tablename);
exit(0);
--
# Created with git-export-patch
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
