-rw-r--r--include/ip6tables.h4
-rw-r--r--include/iptables_common.h4
-rw-r--r--ip6tables-restore.c2
-rw-r--r--ip6tables.c22
-rw-r--r--iptables-restore.c2
-rw-r--r--iptables.c22
6 files changed, 34 insertions, 22 deletions
diff --git a/include/ip6tables.h b/include/ip6tables.h
index f8f709b..89bdd54 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -174,7 +174,7 @@ extern void parse_interface(const char *arg, char *vianame, unsigned char *mask)
extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
-extern int ip6tables_insmod(const char *modname, const char *modprobe);
-extern int load_ip6tables_ko(const char *modprobe);
+extern int ip6tables_insmod(const char *modname, const char *modprobe, int quit);
+extern int load_ip6tables_ko(const char *modprobe, int quit);
#endif /*_IP6TABLES_USER_H*/
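Review bot: The new third parameter of `ip6tables_insmod` and `load_ip6tables_ko` is named `quit`, but the ip6tables.c hunks of this commit use it only to add `-q` to the modprobe argument vector, so the name reads as "exit" where it appears to mean "quiet". Renaming it to `quiet` and adding a one-line comment above the prototypes, e.g. `/* quiet != 0: run modprobe with -q so it does not print an error for a missing module */`, would make the bare `1` / `0` at the call sites readable. The same applies to the `iptables_insmod` and `load_iptables_ko` prototypes in include/iptables_common.h.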
diff --git a/include/iptables_common.h b/include/iptables_common.h
index 6f7e429..0852906 100644
--- a/include/iptables_common.h
+++ b/include/iptables_common.h
@@ -27,8 +27,8 @@ extern int string_to_number_ll(const char *,
unsigned long long int,
unsigned long long int,
unsigned long long *);
-extern int iptables_insmod(const char *modname, const char *modprobe);
-extern int load_iptables_ko(const char *modprobe);
+extern int iptables_insmod(const char *modname, const char *modprobe, int quit);
+extern int load_iptables_ko(const char *modprobe, int quit);
void exit_error(enum exittype, char *, ...)__attribute__((noreturn,
format(printf,2,3)));
extern const char *program_name, *program_version;
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index d5ec80a..4f5ead1 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -62,7 +62,7 @@ ip6tc_handle_t create_handle(const char *tablename, const char* modprobe)
if (!handle) {
/* try to insmod the module if iptc_init failed */
- ip6tables_insmod("ip6_tables", modprobe);
+ ip6tables_insmod("ip6_tables", modprobe, 1);
handle = ip6tc_init(tablename);
}
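Review bot: The call in create_handle passes `1`, while the matching call in iptables-restore.c passes `0` (`iptables_insmod("ip_tables", modprobe, 0)`), so the IPv6 restore tool runs modprobe with `-q` and the IPv4 one does not. If the difference is not intended, one of the two literals should change; if it is, a short comment at each call saying why would help. The return value of `ip6tables_insmod` is also discarded here, so a failed load is noticed only when the following `ip6tc_init` fails again. create_handle starts and ends outside the hunk.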
diff --git a/ip6tables.c b/ip6tables.c
index ebdaa62..5cd7417 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1126,7 +1126,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
strcpy(rev.name, name);
rev.revision = revision;
- load_ip6tables_ko(modprobe);
+ load_ip6tables_ko(modprobe, 1);
max_rev = getsockopt(sockfd, IPPROTO_IPV6, opt, &rev, &s);
if (max_rev < 0) {
@@ -1751,10 +1751,10 @@ static char *get_modprobe(void)
return NULL;
}
-int ip6tables_insmod(const char *modname, const char *modprobe)
+int ip6tables_insmod(const char *modname, const char *modprobe, int quit)
{
char *buf = NULL;
- char *argv[3];
+ char *argv[4];
int status;
/* If they don't explicitly set it, read out of kernel */
@@ -1769,7 +1769,13 @@ int ip6tables_insmod(const char *modname, const char *modprobe)
case 0:
argv[0] = (char *)modprobe;
argv[1] = (char *)modname;
- argv[2] = NULL;
+ if (quit) {
+ argv[2] = "-q";
+ argv[3] = NULL;
+ } else {
+ argv[2] = NULL;
+ argv[3] = NULL;
+ }
execv(argv[0], argv);
/* not usually reached */
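Review bot: In the child branch `-q` is stored in `argv[2]`, after the module name, whereas modprobe's documented form is options first, then the module name, then module parameters. Whether `-q` is honoured as an option in that position therefore depends on how the installed modprobe parses its arguments. Putting the option before `modname` removes that dependency, and filling the vector through an index also drops the redundant `argv[3] = NULL` in the else branch. The sketch below assumes an `int n` declared next to `status`, and the identical block in iptables.c (`iptables_insmod`) would need the same change. The function body begins and ends outside this hunk.

```c
	case 0:
		/* options go before the module name */
		n = 0;
		argv[n++] = (char *)modprobe;
		if (quit)
			argv[n++] = "-q";
		argv[n++] = (char *)modname;
		argv[n] = NULL;
		execv(argv[0], argv);
```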
@@ -1787,14 +1793,14 @@ int ip6tables_insmod(const char *modname, const char *modprobe)
return -1;
}
-int load_ip6tables_ko(const char *modprobe)
+int load_ip6tables_ko(const char *modprobe, int quit)
{
static int loaded = 0;
static int ret = -1;
if (!loaded) {
- ret = ip6tables_insmod("ip6_tables", modprobe);
- loaded = 1;
+ ret = ip6tables_insmod("ip6_tables", modprobe, quit);
+ loaded = (ret == 0);
}
return ret;
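Review bot: With `loaded = (ret == 0)` a failed load is no longer remembered, so every later call to `load_ip6tables_ko` forks and execs modprobe again. In the hunk shown, `compatible_revision` calls it without checking the result, which could mean one modprobe run per revision probe on a system where the module cannot be loaded. Success is also judged two ways: here by `ret == 0`, in do_command6 by `load_ip6tables_ko(modprobe, 0) != -1`, and the two disagree if `ip6tables_insmod` can return a positive value (most of its return paths are outside the visible hunks). A comment on the two statics stating that only success is cached, and that `quit` is ignored once the module has loaded, would document the intended contract. `load_iptables_ko` in iptables.c has the same logic.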
@@ -2355,7 +2361,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
*handle = ip6tc_init(*table);
/* try to insmod the module if iptc_init failed */
- if (!*handle && load_ip6tables_ko(modprobe) != -1)
+ if (!*handle && load_ip6tables_ko(modprobe, 0) != -1)
*handle = ip6tc_init(*table);
if (!*handle)
diff --git a/iptables-restore.c b/iptables-restore.c
index 9abdef2..89acd73 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -59,7 +59,7 @@ iptc_handle_t create_handle(const char *tablename, const char* modprobe )
if (!handle) {
/* try to insmod the module if iptc_init failed */
- iptables_insmod("ip_tables", modprobe);
+ iptables_insmod("ip_tables", modprobe, 0);
handle = iptc_init(tablename);
}
diff --git a/iptables.c b/iptables.c
index d4aa26f..c74bc10 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1149,7 +1149,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
exit(1);
}
- load_iptables_ko(modprobe);
+ load_iptables_ko(modprobe, 1);
strcpy(rev.name, name);
rev.revision = revision;
@@ -1813,10 +1813,10 @@ static char *get_modprobe(void)
return NULL;
}
-int iptables_insmod(const char *modname, const char *modprobe)
+int iptables_insmod(const char *modname, const char *modprobe, int quit)
{
char *buf = NULL;
- char *argv[3];
+ char *argv[4];
int status;
/* If they don't explicitly set it, read out of kernel */
@@ -1831,7 +1831,13 @@ int iptables_insmod(const char *modname, const char *modprobe)
case 0:
argv[0] = (char *)modprobe;
argv[1] = (char *)modname;
- argv[2] = NULL;
+ if (quit) {
+ argv[2] = "-q";
+ argv[3] = NULL;
+ } else {
+ argv[2] = NULL;
+ argv[3] = NULL;
+ }
execv(argv[0], argv);
/* not usually reached */
@@ -1849,14 +1855,14 @@ int iptables_insmod(const char *modname, const char *modprobe)
return -1;
}
-int load_iptables_ko(const char *modprobe)
+int load_iptables_ko(const char *modprobe, int quit)
{
static int loaded = 0;
static int ret = -1;
if (!loaded) {
- ret = iptables_insmod("ip_tables", NULL);
- loaded = 1;
+ ret = iptables_insmod("ip_tables", NULL, quit);
+ loaded = (ret == 0);
}
return ret;
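Review bot: The rewritten call still passes `NULL` instead of the function's own `modprobe` argument (`iptables_insmod("ip_tables", NULL, quit)`), so a modprobe path supplied by the caller is ignored. The helper then falls back to the path it reads from the kernel, going by the comment in `iptables_insmod`. The IPv6 twin forwards the argument (`ip6tables_insmod("ip6_tables", modprobe, quit)`), so this line should probably read `ret = iptables_insmod("ip_tables", modprobe, quit);`. The `NULL` predates this commit, but the line is being rewritten here anyway.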
@@ -2442,7 +2448,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
*handle = iptc_init(*table);
/* try to insmod the module if iptc_init failed */
- if (!*handle && load_iptables_ko(modprobe) != -1)
+ if (!*handle && load_iptables_ko(modprobe, 0) != -1)
*handle = iptc_init(*table);
if (!*handle)