Re: Automatically load modules in iptables-save


 



On Thu, Mar 19, 2009 at 04:43:01PM +0100, Soren Hansen wrote:
> On Thu, Mar 19, 2009 at 03:31:25PM +0100, Jan Engelhardt wrote:
> >>How about the case where someone calls "iptables-save -t foo"? Should
> >>that just return an empty string and exit(0), should it attempt module
> >>load to see if that's even a valid table or something entirely
> >>different?
> > 
> > It should load x_tables.ko and the table... I have a suspicion
> > some unknown users might expect to see "*foo" when using -t.
> 
> Alright. This patch should make everyone happy, then..

Sorry, this is better:


Index: iptables-1.4.1.1/iptables-save.c
===================================================================
--- iptables-1.4.1.1.orig/iptables-save.c	2009-03-19 16:08:12.571341329 +0100
+++ iptables-1.4.1.1/iptables-save.c	2009-03-19 17:29:54.623322505 +0100
@@ -28,11 +28,12 @@
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "dump",     .has_arg = false, .val = 'd'},
 	{.name = "table",    .has_arg = true,  .val = 't'},
+	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{NULL},
 };
 
 /* Debugging prototype. */
-static int for_each_table(int (*func)(const char *tablename))
+static int for_each_table(int (*func)(const char *tablename, const char *modprobe), const char *modprobe)
 {
 	int ret = 1;
 	FILE *procfile = NULL;
@@ -40,9 +41,7 @@
 
 	procfile = fopen("/proc/net/ip_tables_names", "r");
 	if (!procfile)
-		exit_error(OTHER_PROBLEM,
-			   "Unable to open /proc/net/ip_tables_names: %s\n",
-			   strerror(errno));
+		exit(0);
 
 	while (fgets(tablename, sizeof(tablename), procfile)) {
 		if (tablename[strlen(tablename) - 1] != '\n')
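Review bot: The new `exit(0)` for a failed open of `/proc/net/ip_tables_names` treats every fopen failure as "no tables loaded", so a permission or resource error now produces empty output with a success status. A script that redirects the dump over a saved ruleset would then replace it with an empty file without any warning. Only the missing-file case should be quiet, e.g. `if (!procfile && errno == ENOENT) return ret;`, with the existing `exit_error(...)` call kept for every other errno value. Returning rather than exiting also leaves the exit status to the caller. The while loop of for_each_table continues outside this hunk.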
@@ -50,22 +49,27 @@
 				   "Badly formed tablename `%s'\n",
 				   tablename);
 		tablename[strlen(tablename) - 1] = '\0';
-		ret &= func(tablename);
+		ret &= func(tablename, modprobe);
 	}
 
 	return ret;
 }
 
 
-static int do_output(const char *tablename)
+static int do_output(const char *tablename, const char *modprobe)
 {
 	iptc_handle_t h;
 	const char *chain = NULL;
 
 	if (!tablename)
-		return for_each_table(&do_output);
+		return for_each_table(&do_output, modprobe);
 
 	h = iptc_init(tablename);
+	if (!h) {
+		load_xtables_ko(modprobe, 0);
+		h = iptc_init(tablename);
+	}
+
 	if (!h)
 		exit_error(OTHER_PROBLEM, "Can't initialize: %s\n",
 			   iptc_strerror(errno));
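Review bot: The retry added to do_output discards the result of `load_xtables_ko(modprobe, 0)` and runs after any `iptc_init` failure, whatever errno says, so a dump that failed for an unrelated reason still attempts a module load. Gate the retry on the helper's result, e.g. `if (!h && load_xtables_ko(modprobe, 0) == 0) h = iptc_init(tablename);` (this assumes 0 means success; confirm against the helper). A save was read-only before this change, so the block also deserves a comment such as `/* Dumping may load kernel modules; modprobe is the user-supplied -M path and is presumably executed with our privileges. */`. do_output's body continues outside the hunk.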
@@ -134,6 +138,7 @@
 #endif
 {
 	const char *tablename = NULL;
+	const char *modprobe = NULL;
 	int c;
 
 	program_name = "iptables-save";
@@ -152,8 +157,8 @@
 	init_extensions();
 #endif
 
-	while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
-		switch (c) {
+	while ((c = getopt_long(argc, argv, "bcdt:M:", options, NULL)) != -1) {
+	switch (c) {
 		case 'b':
 			show_binary = 1;
 			break;
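Review bot: The `switch (c) {` line lost one tab, so it now sits at the same depth as the enclosing `while` while its `case` labels keep the old indentation. Keep the original two-tab `switch (c) {` and change only the option string passed to `getopt_long`. The switch body continues outside this hunk.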
@@ -166,8 +171,11 @@
 			/* Select specific table. */
 			tablename = optarg;
 			break;
+		case 'M':
+			modprobe = optarg;
+			break;
 		case 'd':
-			do_output(tablename);
+			do_output(tablename, modprobe);
 			exit(0);
 		}
 	}
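Review bot: `case 'd'` calls `do_output(tablename, modprobe)` while options are still being parsed, so a `-M` given after `-d` is silently ignored; the same ordering dependence already applies to `-t`. Either document it next to the case, e.g. `/* -M and -t must precede -d */`, or record the request with `case 'd': dump = 1; break;` and call `do_output` once the loop has finished. The switch starts outside this hunk.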
@@ -177,5 +185,5 @@
 		exit(1);
 	}
 
-	return !do_output(tablename);
+	return !do_output(tablename, modprobe);
 }


-- 
Soren Hansen                 | 
Lead Virtualisation Engineer | Ubuntu Server Team
Canonical Ltd.               | http://www.ubuntu.com/

Attachment: signature.asc
Description: Digital signature

