[iptables] iptables-save: module loading corrections

Patrick McHardy netfilter-cvslog-bounces at lists.netfilter.org
Fri Mar 20 19:41:40 CET 2009


Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=fbb5639c02218acfd84c4f25f134efecb564fee1
commit fbb5639c02218acfd84c4f25f134efecb564fee1
Author:     Jan Engelhardt <jengelh at medozas.de>
AuthorDate: Thu Mar 19 16:57:35 2009 +0100
Commit:     Jan Engelhardt <jengelh at medozas.de>
CommitDate: Thu Mar 19 16:57:35 2009 +0100

    iptables-save: module loading corrections
    
    1. Ignore the absence of /proc/net/ip_tables_names, which happens
    when x_tables.ko is not loaded. This is equivalent to having
    x_tables.ko, but no table modules, loaded. As such, success should
    be returned.
    
    2. Load table when explicitly requested by the -t option. Users might
    expect "*foo" etc. to be output when `iptables-save -t foo` is
    executed. So do autoload x_tables.ko and the table in this case.
    
    *. Do this for both iptables-save and ip6tables-save, and adjust
    the manpages for the new -M (modprobe program location) option that
    is introduced.
    
    Based upon a patch by Soren Hansen.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>
       via  fbb5639c02218acfd84c4f25f134efecb564fee1 (commit)
      from  421157976351606bee0d2a33acee89178521f78a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fbb5639c02218acfd84c4f25f134efecb564fee1
Author: Jan Engelhardt <jengelh at medozas.de>
Date:   Thu Mar 19 16:57:35 2009 +0100

    iptables-save: module loading corrections
    
    1. Ignore the absence of /proc/net/ip_tables_names, which happens
    when x_tables.ko is not loaded. This is equivalent to having
    x_tables.ko, but no tabe modules, loaded. As such, success should
    be returned.
    
    2. Load table when explicitly requested by the -t option. Users might
    expect "*foo" etc. to be output when `iptables-save -t foo` is
    executed. So do autoload x_tables.ko and the table in this case.
    
    *. Do this for both iptables-save and ip6tables-save, and adjust
    the manpages for the new -M (modprobe program location) option that
    is introduced.
    
    Based upon a patch by Soren Hansen.
    
    Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

-----------------------------------------------------------------------

 ip6tables-save.8 |    6 +++++-
 ip6tables-save.c |   12 +++++++++---
 iptables-save.8  |    6 +++++-
 iptables-save.c  |   12 +++++++++---
 4 files changed, 28 insertions(+), 8 deletions(-)
1. Ignore the absence of /proc/net/ip_tables_names, which happens
when x_tables.ko is not loaded. This is equivalent to having
x_tables.ko, but no tabe modules, loaded. As such, success should
be returned.

2. Load table when explicitly requested by the -t option. Users might
expect "*foo" etc. to be output when `iptables-save -t foo` is
executed. So do autoload x_tables.ko and the table in this case.

*. Do this for both iptables-save and ip6tables-save, and adjust
the manpages for the new -M (modprobe program location) option that
is introduced.

Based upon a patch by Soren Hansen.

Signed-off-by: Jan Engelhardt <jengelh at medozas.de>

diff --git a/ip6tables-save.8 b/ip6tables-save.8
index c8b3e96..47eb44a 100644
--- a/ip6tables-save.8
+++ b/ip6tables-save.8
@@ -21,7 +21,7 @@
 .SH NAME
 ip6tables-save \- Save IPv6 Tables
 .SH SYNOPSIS
-.BR "ip6tables-save " "[-c] [-t table]"
+.BR "ip6tables-save " "[-M modprobe] [-c] [-t table]"
 .br
 .SH DESCRIPTION
 .PP
@@ -29,6 +29,10 @@ ip6tables-save \- Save IPv6 Tables
 is used to dump the contents of an IPv6 Table in easily parseable format
 to STDOUT. Use I/O-redirection provided by your shell to write to a file.
 .TP
+\fB\-M\fP \fImodprobe_program\fP
+Specify the path to the modprobe program. By default, iptables-save will
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
+.TP
 \fB\-c\fR, \fB\-\-counters\fR
 include the current values of all packet and byte counters in the output
 .TP
diff --git a/ip6tables-save.c b/ip6tables-save.c
index 55010c4..97205c1 100644
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -29,6 +29,7 @@ static const struct option options[] = {
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "dump",     .has_arg = false, .val = 'd'},
 	{.name = "table",    .has_arg = true,  .val = 't'},
+	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{NULL},
 };
 
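Review bot: The new `modprobe` entry in `options[]` maps to `'M'`, but no hunk in this file touches the short-option string passed to `getopt_long()`, and the visible hunks already account for all 9 insertions the diffstat lists for ip6tables-save.c. If that string does not already contain `M:`, the `-M modprobe` form documented in the man page will be rejected and only `--modprobe` will work; add `M:` to the optstring in `main()`. The `getopt_long()` call is outside the hunks, so confirm this against the full file. The same applies to the matching `options[]` hunk in iptables-save.c.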
@@ -42,9 +43,7 @@ static int for_each_table(int (*func)(const char *tablename))
 
 	procfile = fopen("/proc/net/ip6_tables_names", "r");
 	if (!procfile)
-		xtables_error(OTHER_PROBLEM,
-			   "Unable to open /proc/net/ip6_tables_names: %s\n",
-			   strerror(errno));
+		return ret;
 
 	while (fgets(tablename, sizeof(tablename), procfile)) {
 		if (tablename[strlen(tablename) - 1] != '\n')
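Review bot: `if (!procfile) return ret;` in `for_each_table()` now treats every `fopen()` failure as "no tables loaded", not only the missing-file case the commit message describes. A permission or resource error would then produce empty output with a success status, and a backup job could overwrite a good saved ruleset with it unnoticed. Return early only for the absent file, `if (errno == ENOENT) return ret;`, and keep the removed `xtables_error()` call for every other errno. The initial value of `ret` is set outside the hunk. The identical change to `for_each_table()` in iptables-save.c has the same gap.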
@@ -68,6 +67,10 @@ static int do_output(const char *tablename)
 		return for_each_table(&do_output);
 
 	h = ip6tc_init(tablename);
+	if (h == NULL) {
+		xtables_load_ko(xtables_modprobe_program, false);
+		h = ip6tc_init(tablename);
+	}
 	if (!h)
 		xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
 			   ip6tc_strerror(errno));
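Review bot: The retry added to `do_output()` discards the int result of `xtables_load_ko()` and runs after any NULL from `ip6tc_init()`, whatever errno was. When the module load fails, the second init is still attempted, and the `Cannot initialize` message may then report an errno overwritten in between rather than the original cause. Gate the retry on the load succeeding: `if (h == NULL && xtables_load_ko(xtables_modprobe_program, false) == 0) h = ip6tc_init(tablename);`. The body of `do_output()` starts and ends outside the hunk. The `iptc_init()` retry in iptables-save.c needs the same change.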
@@ -162,6 +165,9 @@ int main(int argc, char *argv[])
 			/* Select specific table. */
 			tablename = optarg;
 			break;
+		case 'M':
+			xtables_modprobe_program = optarg;
+			break;
 		case 'd':
 			do_output(tablename);
 			exit(0);
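Review bot: `xtables_modprobe_program = optarg;` stores a caller-supplied program path that `do_output()` later passes to `xtables_load_ko()` to be run, with no validation and no comment on who is trusted to set it. That is harmless for root at a shell. But any sudoers rule or privileged wrapper that lets a less-privileged user run ip6tables-save or iptables-save with free-form arguments now also lets that user choose the executable. State this in the `-M` man page entry and add a comment above the case, e.g. `/* Path is executed as-is with our privileges; never pass an untrusted -M. */`. The enclosing switch is only partly visible in the hunk, and the same case is added to iptables-save.c.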
diff --git a/iptables-save.8 b/iptables-save.8
index f9c7d65..de5fd48 100644
--- a/iptables-save.8
+++ b/iptables-save.8
@@ -21,7 +21,7 @@
 .SH NAME
 iptables-save \- Save IP Tables
 .SH SYNOPSIS
-.BR "iptables-save " "[-c] [-t table]"
+.BR "iptables-save " "[-M modprobe] [-c] [-t table]"
 .br
 .SH DESCRIPTION
 .PP
@@ -29,6 +29,10 @@ iptables-save \- Save IP Tables
 is used to dump the contents of an IP Table in easily parseable format
 to STDOUT. Use I/O-redirection provided by your shell to write to a file.
 .TP
+\fB\-M\fP \fImodprobe_program\fP
+Specify the path to the modprobe program. By default, iptables-save will
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
+.TP
 \fB\-c\fR, \fB\-\-counters\fR
 include the current values of all packet and byte counters in the output
 .TP
diff --git a/iptables-save.c b/iptables-save.c
index 55cfe6a..6000b49 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -28,6 +28,7 @@ static const struct option options[] = {
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "dump",     .has_arg = false, .val = 'd'},
 	{.name = "table",    .has_arg = true,  .val = 't'},
+	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{NULL},
 };
 
@@ -40,9 +41,7 @@ static int for_each_table(int (*func)(const char *tablename))
 
 	procfile = fopen("/proc/net/ip_tables_names", "r");
 	if (!procfile)
-		xtables_error(OTHER_PROBLEM,
-			   "Unable to open /proc/net/ip_tables_names: %s\n",
-			   strerror(errno));
+		return ret;
 
 	while (fgets(tablename, sizeof(tablename), procfile)) {
 		if (tablename[strlen(tablename) - 1] != '\n')
@@ -66,6 +65,10 @@ static int do_output(const char *tablename)
 		return for_each_table(&do_output);
 
 	h = iptc_init(tablename);
+	if (h == NULL) {
+		xtables_load_ko(xtables_modprobe_program, false);
+		h = iptc_init(tablename);
+	}
 	if (!h)
 		xtables_error(OTHER_PROBLEM, "Cannot initialize: %s\n",
 			   iptc_strerror(errno));
@@ -162,6 +165,9 @@ main(int argc, char *argv[])
 			/* Select specific table. */
 			tablename = optarg;
 			break;
+		case 'M':
+			xtables_modprobe_program = optarg;
+			break;
 		case 'd':
 			do_output(tablename);
 			exit(0);


