
List:       netfilter-devel
Subject:    [PATCH] iptables-restore doesn't load modules ip_tables.
From:       "A. van Schie" <a.van.schie () quicknet ! nl>
Date:       2001-05-31 18:31:38

I'm using iptables-restore to initialize my firewall rules.
But it fails when the module ip_tables is not already loaded.

The attached patch fixed that problem, by trying to load the module the same 
way as iptables does it. I added also the --modprobe option, to set the 
module loader (same as by iptables).

The patch includes also the same patch for ip6tables-restore (I didn't test 
it, because I'm not a ipv6 user).

I would also like to remind you that the IPv6 part of the 
"iptables-save-notarget.patch" has not been applied to CVS, probably because 
of lack of time. If you want, I can mail you a changed version (same as the 
IPv4 patch you did).

-- 
Andries van Schie
Let's make the linux-world a safer place to live in ;-)
["iptables-restore-insmod.patch" (text/x-c)]

diff -urN latest/netfilter/userspace/include/iptables_common.h \
                ownlatest/netfilter/userspace/include/iptables_common.h
--- latest/netfilter/userspace/include/iptables_common.h	Sat May 12 11:05:57 2001
+++ ownlatest/netfilter/userspace/include/iptables_common.h	Thu May 31 19:14:52 2001
@@ -11,6 +11,7 @@
 extern void exit_tryhelp(int) __attribute__((noreturn));
 int check_inverse(const char option[], int *invert);
 extern int string_to_number(const char *, int, int);
+extern int iptables_insmod(const char *modname, const char *modprobe);
 void exit_error(enum exittype, char *, ...)__attribute__((noreturn,
 							  format(printf,2,3)));
 extern const char *program_name, *program_version;
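Review bot: The new `iptables_insmod` prototype exports the function without stating its contract, and the restore tools now rely on two details this header does not show: what the return value means, and whether `modprobe` may be a null pointer (iptables-restore passes `0` when `--modprobe` is not given). A short comment above the declaration would settle both, for example `/* Load kernel module modname using the loader program modprobe; NULL presumably selects the default loader (confirm against iptables.c). */`. The same applies to the `ip6tables_insmod` declaration added to ip6tables.h.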
diff -urN latest/netfilter/userspace/iptables-restore.c \
                ownlatest/netfilter/userspace/iptables-restore.c
--- latest/netfilter/userspace/iptables-restore.c	Thu May 31 19:22:41 2001
+++ ownlatest/netfilter/userspace/iptables-restore.c	Thu May 31 19:28:29 2001
@@ -30,6 +30,7 @@
 /*	{ "verbose", 1, 0, 'v' }, */
 	{ "help", 0, 0, 'h' },
 	{ "noflush", 0, 0, 'n'},
+	{ "modprobe", 1, 0, 'M'},
 	{ 0 }
 };
 
@@ -42,16 +43,24 @@
 			"	   [ --counters ]\n"
 			"	   [ --verbose ]\n"
 			"	   [ --help ]\n"
-			"	   [ --noflush ]\n", name);
+			"	   [ --noflush ]\n"
+		        "          [ --modprobe=<command>]\n", name);
 		
 	exit(1);
 }
 
-iptc_handle_t create_handle(const char *tablename)
+iptc_handle_t create_handle(const char *tablename, const char* modprobe )
 {
 	iptc_handle_t handle;
 
 	handle = iptc_init(tablename);
+
+	if (!handle) {
+		/* try to insmod the module if iptc_init failed */
+		iptables_insmod("ip_tables", modprobe);
+		handle = iptc_init(tablename);
+	}
+
 	if (!handle) {
 		exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
 			"table '%s'\n", program_name, tablename);
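Review bot: The result of `iptables_insmod("ip_tables", modprobe)` in `create_handle` is discarded, so when the loader cannot be run or fails, the user sees only the generic "unable to initialize table" error with no hint that a module load was attempted. Reporting the failure before the retry would make it diagnosable, e.g. `if (iptables_insmod("ip_tables", modprobe) != 0) fprintf(stderr, "%s: could not load ip_tables\n", program_name);`, assuming a non-zero return means failure, which the hunk does not show. The ip6tables-restore copy has the same gap, and its comment names `iptc_init` where the code calls `ip6tc_init`. `create_handle` continues past the end of this hunk.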
@@ -95,11 +104,12 @@
 	int c;
 	char curtable[IPT_TABLE_MAXNAMELEN + 1];
 	FILE *in;
+	const char *modprobe = 0;
 
 	program_name = "iptables-restore";
 	program_version = NETFILTER_VERSION;
 
-	while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
 		switch (c) {
 			case 'b':
 				binary = 1;
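Review bot: The `M:` added to the getopt string makes the module loader a caller-chosen program: the value stored by `case 'M'` in the next hunk reaches `iptables_insmod` unchecked, and it presumably runs with the privileges of the tool, which is normally root. This matches the existing `iptables --modprobe` behaviour, but it matters wherever a sudo rule or wrapper script lets a less-privileged user pass arguments to iptables-restore, so it should be stated where the option is handled, e.g. `/* --modprobe: loader program chosen by the caller, run with our privileges */`, and in the usage text. I would also write `const char *modprobe = NULL;` rather than `= 0`. The same lines appear in ip6tables-restore.c; `main` starts and ends outside this hunk.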
@@ -114,6 +124,9 @@
 			case 'n':
 				noflush = 1;
 				break;
+			case 'M':
+				modprobe = optarg;
+				break;
 		}
 	}
 	
@@ -157,7 +170,7 @@
 			}
 			strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
 
-			handle = create_handle(table);
+			handle = create_handle(table, modprobe);
 			if (noflush == 0) {
 				DEBUGP("Cleaning all chains of table '%s'\n",
 					table);
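Review bot: The `strncpy(curtable, table, IPT_TABLE_MAXNAMELEN)` in the context of this hunk does not terminate `curtable` when the table name read from the input is IPT_TABLE_MAXNAMELEN characters or longer; the array is declared with one extra byte but, as far as these hunks show, without an initializer. Unless code outside the hunk zeroes it, adding `curtable[IPT_TABLE_MAXNAMELEN] = '\0';` after the copy closes that. This predates the patch, and the same pattern appears in ip6tables-restore.c with `IP6T_TABLE_MAXNAMELEN`. The enclosing block starts and ends outside the hunk.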
diff -urN latest/netfilter/userspace/iptables.c \
                ownlatest/netfilter/userspace/iptables.c
--- latest/netfilter/userspace/iptables.c	Thu May 24 16:51:37 2001
+++ ownlatest/netfilter/userspace/iptables.c	Mon May 28 18:44:01 2001
@@ -1551,7 +1551,7 @@
 	return NULL;
 }
 
-static int iptables_insmod(const char *modname, const char *modprobe)
+int iptables_insmod(const char *modname, const char *modprobe)
 {
 	char *buf = NULL;
 	char *argv[3];
diff -urN latest/netfilter/userspace/include/ip6tables.h \
                ownlatest/netfilter/userspace/include/ip6tables.h
--- latest/netfilter/userspace/include/ip6tables.h	Sat May 12 11:05:57 2001
+++ ownlatest/netfilter/userspace/include/ip6tables.h	Thu May 31 19:14:43 2001
@@ -122,5 +122,6 @@
 extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), \
int verbose, int builtinstoo, ip6tc_handle_t *handle);
 extern int \
flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
 \
extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t \
*handle);
+extern int ip6tables_insmod(const char *modname, const char *modprobe);
 
 #endif /*_IP6TABLES_USER_H*/
diff -urN latest/netfilter/userspace/ip6tables-restore.c \
                ownlatest/netfilter/userspace/ip6tables-restore.c
--- latest/netfilter/userspace/ip6tables-restore.c	Sat May 12 11:05:56 2001
+++ ownlatest/netfilter/userspace/ip6tables-restore.c	Thu May 31 19:11:53 2001
@@ -35,6 +35,7 @@
 /*	{ "verbose", 1, 0, 'v' }, */
 	{ "help", 0, 0, 'h' },
 	{ "noflush", 0, 0, 'n'},
+	{ "modprobe", 1, 0, 'M'},
 	{ 0 }
 };
 
@@ -47,16 +48,24 @@
 			"	   [ --counters ]\n"
 			"	   [ --verbose ]\n"
 			"	   [ --help ]\n"
-			"	   [ --noflush ]\n", name);
+			"	   [ --noflush ]\n"
+		        "          [ --modprobe=<command>]\n", name);
 		
 	exit(1);
 }
 
-ip6tc_handle_t create_handle(const char *tablename)
+ip6tc_handle_t create_handle(const char *tablename, const char* modprobe)
 {
 	ip6tc_handle_t handle;
 
 	handle = ip6tc_init(tablename);
+
+	if (!handle) {
+                /* try to insmod the module if iptc_init failed */
+                ip6tables_insmod("ip6_tables", modprobe);
+                handle = ip6tc_init(tablename);
+	}
+
 	if (!handle) {
 		exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
 			"table '%s'\n", program_name, tablename);
@@ -79,11 +88,12 @@
 	char curtable[IP6T_TABLE_MAXNAMELEN + 1];
 	char curchain[IP6T_FUNCTION_MAXNAMELEN + 1];
 	FILE *in;
+	const char *modprobe = 0;
 
 	program_name = "ip6tables-restore";
 	program_version = NETFILTER_VERSION;
 
-	while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) {
+	while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
 		switch (c) {
 			case 'b':
 				binary = 1;
@@ -98,6 +108,9 @@
 			case 'n':
 				noflush = 1;
 				break;
+			case 'M':
+				modprobe = optarg;
+				break;
 		}
 	}
 	
@@ -151,7 +164,7 @@
 			}
 			strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
 
-			handle = create_handle(table);
+			handle = create_handle(table, modprobe);
 			if (noflush == 0) {
 				DEBUGP("Cleaning all chains of table '%s'\n",
 					table);
diff -urN latest/netfilter/userspace/ip6tables.c \
                ownlatest/netfilter/userspace/ip6tables.c
--- latest/netfilter/userspace/ip6tables.c	Thu May 31 19:22:41 2001
+++ ownlatest/netfilter/userspace/ip6tables.c	Thu May 31 19:28:29 2001
@@ -1511,7 +1511,7 @@
         return NULL;
 }
 
-static int ip6tables_insmod(const char *modname, const char *modprobe)
+int ip6tables_insmod(const char *modname, const char *modprobe)
 {
         char *buf = NULL;
         char *argv[3];


