From 3893a312f54c802609a63bbef6db8c369bac3efa Mon Sep 17 00:00:00 2001 From: laforge Date: Sat, 16 Jun 2001 18:25:25 +0000 Subject: Added support for iptables-restore module-load-on-demand (a. van schie) --- include/ip6tables.h | 1 + include/iptables_common.h | 1 + ip6tables-restore.c | 21 +++++++++++++++++---- ip6tables.c | 2 +- iptables-restore.c | 23 ++++++++++++++++++----- iptables.c | 2 +- 6 files changed, 39 insertions(+), 11 deletions(-) diff --git a/include/ip6tables.h b/include/ip6tables.h index baa3677..9ac3835 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -122,5 +122,6 @@ extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload); extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle); extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); +extern int ip6tables_insmod(const char *modname, const char *modprobe); #endif /*_IP6TABLES_USER_H*/ diff --git a/include/iptables_common.h b/include/iptables_common.h index 90ca74d..be9c550 100644 --- a/include/iptables_common.h +++ b/include/iptables_common.h @@ -11,6 +11,7 @@ extern void exit_printhelp() __attribute__((noreturn)); extern void exit_tryhelp(int) __attribute__((noreturn)); int check_inverse(const char option[], int *invert); extern int string_to_number(const char *, int, int); +extern int iptables_insmod(const char *modname, const char *modprobe); void exit_error(enum exittype, char *, ...)__attribute__((noreturn, format(printf,2,3))); extern const char *program_name, *program_version; diff --git a/ip6tables-restore.c b/ip6tables-restore.c index 9ebc577..f7a94f2 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c 
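Review bot: The prototype `extern int ip6tables_insmod(const char *modname, const char *modprobe);` added to include/ip6tables.h, and its twin `iptables_insmod` in include/iptables_common.h, export a helper without stating its contract. The later hunks in ip6tables.c and iptables.c that drop `static` add no documentation either. Callers outside the defining file now need to know what a NULL `modprobe` means and what the return value signals; the restore tools pass NULL by default and ignore the result. I would add a comment above each prototype such as `/* Loads kernel module modname using the program at path modprobe; state the NULL-path fallback and the return convention here. */`. The function bodies lie outside the visible hunks, so the wording has to be confirmed against them.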
@@ -35,6 +35,7 @@ static struct option options[] = { /* { "verbose", 1, 0, 'v' }, */ { "help", 0, 0, 'h' }, { "noflush", 0, 0, 'n'}, + { "modprobe", 1, 0, 'M'}, { 0 } }; @@ -47,16 +48,24 @@ static void print_usage(const char *name, const char *version) " [ --counters ]\n" " [ --verbose ]\n" " [ --help ]\n" - " [ --noflush ]\n", name); + " [ --noflush ]\n" + " [ --modprobe=]\n", name); exit(1); } -ip6tc_handle_t create_handle(const char *tablename) +ip6tc_handle_t create_handle(const char *tablename, const char* modprobe) { ip6tc_handle_t handle; handle = ip6tc_init(tablename); + + if (!handle) { + /* try to insmod the module if iptc_init failed */ + ip6tables_insmod("ip6_tables", modprobe); + handle = ip6tc_init(tablename); + } + if (!handle) { exit_error(PARAMETER_PROBLEM, "%s: unable to initialize" "table '%s'\n", program_name, tablename); @@ -79,11 +88,12 @@ int main(int argc, char *argv[]) char curtable[IP6T_TABLE_MAXNAMELEN + 1]; char curchain[IP6T_FUNCTION_MAXNAMELEN + 1]; FILE *in; + const char *modprobe = 0; program_name = "ip6tables-restore"; program_version = NETFILTER_VERSION; - while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) { switch (c) { case 'b': binary = 1; @@ -98,6 +108,9 @@ int main(int argc, char *argv[]) case 'n': noflush = 1; break; + case 'M': + modprobe = optarg; + break; } } @@ -151,7 +164,7 @@ int main(int argc, char *argv[]) } strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN); - handle = create_handle(table); + handle = create_handle(table, modprobe); if (noflush == 0) { DEBUGP("Cleaning all chains of table '%s'\n", table); diff --git a/ip6tables.c b/ip6tables.c index caa8995..bce4b7b 100644 --- a/ip6tables.c +++ b/ip6tables.c 
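Review bot: In `create_handle` the result of `ip6tables_insmod("ip6_tables", modprobe)` is discarded, and the load is attempted after every `ip6tc_init` failure, not only when the module is absent. A failure with another cause, such as an unknown table name in the input, still triggers a module-load attempt, and a failed load goes unreported, so the final error does not say which step went wrong. Consider `if (!handle && ip6tables_insmod("ip6_tables", modprobe) == 0) handle = ip6tc_init(tablename);`, assuming 0 means success (the function body is outside these hunks). The context lines also join `"%s: unable to initialize" "table '%s'\n"` without a space, which prints "initializetable". Both points apply equally to `create_handle` in iptables-restore.c.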
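Review bot: The new `case 'M'` stores `optarg` in `modprobe` with no validation, and that string is later passed to `ip6tables_insmod`, presumably as the program that gets executed to load the module. ip6tables-restore normally runs as root, so any wrapper that forwards caller-controlled arguments (a sudo rule, a setuid helper, a management daemon) would let that caller choose a binary that runs with root privilege. I would at least reject a non-absolute path, e.g. `if (optarg[0] != '/') exit_error(PARAMETER_PROBLEM, "--modprobe needs an absolute path");`, and state the privilege implication in the usage text or man page. As a style point, `const char *modprobe = 0;` reads better as `= NULL` for a pointer. The same code is added to iptables-restore.c, and `main` extends beyond these hunks.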
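Review bot: `table` reaches `create_handle(table, modprobe)` at full length, while `strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN)` on the preceding context line leaves `curtable` unterminated when the name is IP6T_TABLE_MAXNAMELEN bytes or longer. `curtable` is declared without an initializer in the earlier hunk, so unless it is cleared in code outside these hunks, later string use can read past the copied bytes. Adding `curtable[IP6T_TABLE_MAXNAMELEN] = '\0';` after the copy closes this, and rejecting over-long table names before calling `create_handle` keeps the two values in step. The same pattern with IPT_TABLE_MAXNAMELEN appears in the iptables-restore.c hunk at -157,7.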
@@ -1545,7 +1545,7 @@ static char *get_modprobe(void) return NULL; } -static int ip6tables_insmod(const char *modname, const char *modprobe) +int ip6tables_insmod(const char *modname, const char *modprobe) { char *buf = NULL; char *argv[3]; diff --git a/iptables-restore.c b/iptables-restore.c index e5a28f3..b6bcb7b 100644 --- a/iptables-restore.c +++ b/iptables-restore.c @@ -4,7 +4,7 @@ * * This coude is distributed under the terms of GNU GPL * - * $Id: iptables-restore.c,v 1.11 2001/05/03 20:50:03 laforge Exp $ + * $Id: iptables-restore.c,v 1.12 2001/05/26 04:41:56 laforge Exp $ */ #include @@ -30,6 +30,7 @@ static struct option options[] = { /* { "verbose", 1, 0, 'v' }, */ { "help", 0, 0, 'h' }, { "noflush", 0, 0, 'n'}, + { "modprobe", 1, 0, 'M'}, { 0 } }; @@ -42,16 +43,24 @@ static void print_usage(const char *name, const char *version) " [ --counters ]\n" " [ --verbose ]\n" " [ --help ]\n" - " [ --noflush ]\n", name); + " [ --noflush ]\n" + " [ --modprobe=]\n", name); exit(1); } -iptc_handle_t create_handle(const char *tablename) +iptc_handle_t create_handle(const char *tablename, const char* modprobe ) { iptc_handle_t handle; handle = iptc_init(tablename); + + if (!handle) { + /* try to insmod the module if iptc_init failed */ + iptables_insmod("ip_tables", modprobe); + handle = iptc_init(tablename); + } + if (!handle) { exit_error(PARAMETER_PROBLEM, "%s: unable to initialize" "table '%s'\n", program_name, tablename); @@ -95,11 +104,12 @@ int main(int argc, char *argv[]) int c; char curtable[IPT_TABLE_MAXNAMELEN + 1]; FILE *in; + const char *modprobe = 0; program_name = "iptables-restore"; program_version = NETFILTER_VERSION; - while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) { + while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) { switch (c) { case 'b': binary = 1; @@ -114,6 +124,9 @@ int main(int argc, char *argv[]) case 'n': noflush = 1; break; + case 'M': + modprobe = optarg; + break; } } 
@@ -157,7 +170,7 @@ int main(int argc, char *argv[]) } strncpy(curtable, table, IPT_TABLE_MAXNAMELEN); - handle = create_handle(table); + handle = create_handle(table, modprobe); if (noflush == 0) { DEBUGP("Cleaning all chains of table '%s'\n", table); diff --git a/iptables.c b/iptables.c index 5e7db06..e8ac265 100644 --- a/iptables.c +++ b/iptables.c @@ -1551,7 +1551,7 @@ static char *get_modprobe(void) return NULL; } -static int iptables_insmod(const char *modname, const char *modprobe) +int iptables_insmod(const char *modname, const char *modprobe) { char *buf = NULL; char *argv[3]; -- cgit v1.2.3