From c20ca251137adfc48e960f9aaa84e8ba5545f2f0 Mon Sep 17 00:00:00 2001 From: "/C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=yasuyuki/emailAddress=yasuyuki@netfilter.org" Date: Mon, 13 Nov 2006 05:09:16 +0000 Subject: load ip_[6]tables.ko just before checking revision support in kernel. --- include/ip6tables.h | 1 + include/iptables_common.h | 1 + ip6tables.c | 21 +++++++++++++++++++-- iptables.c | 21 +++++++++++++++++++-- 4 files changed, 40 insertions(+), 4 deletions(-) diff --git a/include/ip6tables.h b/include/ip6tables.h index 8fe7899..7907f66 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -172,5 +172,6 @@ extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t * extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); extern int ip6tables_insmod(const char *modname, const char *modprobe); +extern int load_ip6tables_ko(const char *modprobe); #endif /*_IP6TABLES_USER_H*/ diff --git a/include/iptables_common.h b/include/iptables_common.h index 05516ac..6f7e429 100644 --- a/include/iptables_common.h +++ b/include/iptables_common.h @@ -28,6 +28,7 @@ extern int string_to_number_ll(const char *, unsigned long long int, unsigned long long *); extern int iptables_insmod(const char *modname, const char *modprobe); +extern int load_iptables_ko(const char *modprobe); void exit_error(enum exittype, char *, ...)__attribute__((noreturn, format(printf,2,3))); extern const char *program_name, *program_version; diff --git a/ip6tables.c b/ip6tables.c index 92e434c..8bb7661 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -193,6 +193,9 @@ const char *program_version; const char *program_name; char *lib_dir; +/* the path to command to load kernel module */ +const char *modprobe = NULL; + /* Keeping track of external matches and targets: linked lists. */ struct ip6tables_match *ip6tables_matches = NULL; struct ip6tables_target *ip6tables_targets = NULL; @@ -1118,6 +1121,8 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) strcpy(rev.name, name); rev.revision = revision; + load_ip6tables_ko(modprobe); + max_rev = getsockopt(sockfd, IPPROTO_IPV6, opt, &rev, &s); if (max_rev < 0) { /* Definitely don't support this? */ @@ -1777,6 +1782,19 @@ int ip6tables_insmod(const char *modname, const char *modprobe) return -1; } +int load_ip6tables_ko(const char *modprobe) +{ + static int loaded = 0; + static int ret = -1; + + if (!loaded) { + ret = ip6tables_insmod("ip6_tables", modprobe); + loaded = 1; + } + + return ret; +} + static struct ip6t_entry * generate_entry(const struct ip6t_entry *fw, struct ip6tables_rule_match *matches, @@ -1855,7 +1873,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) struct ip6tables_target *t; const char *jumpto = ""; char *protocol = NULL; - const char *modprobe = NULL; int proto_used = 0; memset(&fw, 0, sizeof(fw)); @@ -2333,7 +2350,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) *handle = ip6tc_init(*table); /* try to insmod the module if iptc_init failed */ - if (!*handle && ip6tables_insmod("ip6_tables", modprobe) != -1) + if (!*handle && load_ip6tables_ko(modprobe) != -1) *handle = ip6tc_init(*table); if (!*handle) diff --git a/iptables.c b/iptables.c index bece359..b627d3a 100644 --- a/iptables.c +++ b/iptables.c @@ -197,6 +197,9 @@ char *lib_dir; int kernel_version; +/* the path to command to load kernel module */ +const char *modprobe = NULL; + /* Keeping track of external matches and targets: linked lists. */ struct iptables_match *iptables_matches = NULL; struct iptables_target *iptables_targets = NULL; @@ -1147,6 +1150,8 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) exit(1); } + load_iptables_ko(modprobe); + strcpy(rev.name, name); rev.revision = revision; @@ -1845,6 +1850,19 @@ int iptables_insmod(const char *modname, const char *modprobe) return -1; } +int load_iptables_ko(const char *modprobe) +{ + static int loaded = 0; + static int ret = -1; + + if (!loaded) { + ret = iptables_insmod("ip_tables", NULL); + loaded = 1; + } + + return ret; +} + static struct ipt_entry * generate_entry(const struct ipt_entry *fw, struct iptables_rule_match *matches, @@ -1938,7 +1956,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) struct iptables_target *t; const char *jumpto = ""; char *protocol = NULL; - const char *modprobe = NULL; int proto_used = 0; memset(&fw, 0, sizeof(fw)); @@ -2426,7 +2443,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) *handle = iptc_init(*table); /* try to insmod the module if iptc_init failed */ - if (!*handle && iptables_insmod("ip_tables", modprobe) != -1) + if (!*handle && load_iptables_ko(modprobe) != -1) *handle = iptc_init(*table); if (!*handle) -- cgit v1.2.3