-rw-r--r-- | include/ip6tables.h | 4 | ||||
-rw-r--r-- | include/iptables_common.h | 4 | ||||
-rw-r--r-- | ip6tables-restore.c | 2 | ||||
-rw-r--r-- | ip6tables.c | 22 | ||||
-rw-r--r-- | iptables-restore.c | 2 | ||||
-rw-r--r-- | iptables.c | 22 |
6 files changed, 34 insertions, 22 deletions
diff --git a/include/ip6tables.h b/include/ip6tables.h index f8f709bc..89bdd54f 100644 --- a/include/ip6tables.h +++ b/include/ip6tables.h @@ -174,7 +174,7 @@ extern void parse_interface(const char *arg, char *vianame, unsigned char *mask) extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle); extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle); -extern int ip6tables_insmod(const char *modname, const char *modprobe); -extern int load_ip6tables_ko(const char *modprobe); +extern int ip6tables_insmod(const char *modname, const char *modprobe, int quit); +extern int load_ip6tables_ko(const char *modprobe, int quit); #endif /*_IP6TABLES_USER_H*/ diff --git a/include/iptables_common.h b/include/iptables_common.h index 6f7e4295..08529064 100644 --- a/include/iptables_common.h +++ b/include/iptables_common.h @@ -27,8 +27,8 @@ extern int string_to_number_ll(const char *, unsigned long long int, unsigned long long int, unsigned long long *); -extern int iptables_insmod(const char *modname, const char *modprobe); -extern int load_iptables_ko(const char *modprobe); +extern int iptables_insmod(const char *modname, const char *modprobe, int quit); +extern int load_iptables_ko(const char *modprobe, int quit); void exit_error(enum exittype, char *, ...)__attribute__((noreturn, format(printf,2,3))); extern const char *program_name, *program_version; diff --git a/ip6tables-restore.c b/ip6tables-restore.c index d5ec80a6..4f5ead1d 100644 --- a/ip6tables-restore.c +++ b/ip6tables-restore.c @@ -62,7 +62,7 @@ ip6tc_handle_t create_handle(const char *tablename, const char* modprobe) if (!handle) { /* try to insmod the module if iptc_init failed */ - ip6tables_insmod("ip6_tables", modprobe); + ip6tables_insmod("ip6_tables", modprobe, 1); handle = ip6tc_init(tablename); } 
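Review bot: The new third parameter in the include/ip6tables.h prototypes is named `quit`, but in ip6tables_insmod it only decides whether "-q" is appended to the modprobe argv, so the name reads as if the call might terminate the program. Renaming it to `quiet` would match what it does, and the prototype deserves a one-line comment such as `/* quiet: non-zero passes -q to modprobe */`. The same applies to the iptables_insmod and load_iptables_ko prototypes in the include/iptables_common.h hunk and to the definitions in ip6tables.c and iptables.c.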
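Review bot: In the ip6tables-restore.c hunk, create_handle passes `1` as the new flag, while the matching call in the iptables-restore.c hunk passes `0` (`iptables_insmod("ip_tables", modprobe, 0);`). The two call sites are otherwise identical, so one of the values looks unintended and the IPv4 and IPv6 restore tools will differ in whether a failed module load is reported. Pick one value for both, and say in the comment above the call why the restore path does or does not want modprobe silenced. The return value of ip6tables_insmod is also still discarded here, so a failed load only shows up through the second ip6tc_init.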
diff --git a/ip6tables.c b/ip6tables.c index ebdaa62f..5cd74176 100644 --- a/ip6tables.c +++ b/ip6tables.c @@ -1126,7 +1126,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) strcpy(rev.name, name); rev.revision = revision; - load_ip6tables_ko(modprobe); + load_ip6tables_ko(modprobe, 1); max_rev = getsockopt(sockfd, IPPROTO_IPV6, opt, &rev, &s); if (max_rev < 0) { @@ -1751,10 +1751,10 @@ static char *get_modprobe(void) return NULL; } -int ip6tables_insmod(const char *modname, const char *modprobe) +int ip6tables_insmod(const char *modname, const char *modprobe, int quit) { char *buf = NULL; - char *argv[3]; + char *argv[4]; int status; /* If they don't explicitly set it, read out of kernel */ @@ -1769,7 +1769,13 @@ int ip6tables_insmod(const char *modname, const char *modprobe) case 0: argv[0] = (char *)modprobe; argv[1] = (char *)modname; - argv[2] = NULL; + if (quit) { + argv[2] = "-q"; + argv[3] = NULL; + } else { + argv[2] = NULL; + argv[3] = NULL; + } execv(argv[0], argv); /* not usually reached */ @@ -1787,14 +1793,14 @@ int ip6tables_insmod(const char *modname, const char *modprobe) return -1; } -int load_ip6tables_ko(const char *modprobe) +int load_ip6tables_ko(const char *modprobe, int quit) { static int loaded = 0; static int ret = -1; if (!loaded) { - ret = ip6tables_insmod("ip6_tables", modprobe); - loaded = 1; + ret = ip6tables_insmod("ip6_tables", modprobe, quit); + loaded = (ret == 0); } return ret; @@ -2355,7 +2361,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle) *handle = ip6tc_init(*table); /* try to insmod the module if iptc_init failed */ - if (!*handle && load_ip6tables_ko(modprobe) != -1) + if (!*handle && load_ip6tables_ko(modprobe, 0) != -1) *handle = ip6tc_init(*table); if (!*handle) diff --git a/iptables-restore.c b/iptables-restore.c index 9abdef25..89acd73d 100644 --- a/iptables-restore.c +++ b/iptables-restore.c 
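Review bot: In the ip6tables.c hunk at -1769, "-q" is placed after the module name, so the exec'd vector is {modprobe, modname, "-q", NULL}. Arguments that follow the module name are normally where modprobe expects module parameters, so whether "-q" is still read as an option there depends on the modprobe implementation's argument parsing; the hunk does not show this, and putting the option first removes the doubt. The if/else can also collapse, since both branches set `argv[3] = NULL`: `argv[1] = quit ? "-q" : (char *)modname;`, `argv[2] = quit ? (char *)modname : NULL;`, `argv[3] = NULL;`. The same ordering appears in iptables_insmod in the iptables.c hunk at -1831. The function body continues outside the hunk.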
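Review bot: In load_ip6tables_ko (ip6tables.c hunk at -1787), `loaded = (ret == 0)` caches only an exact-zero result, whereas the caller in do_command6 (hunk at -2355) treats any result other than -1 as success. If ip6tables_insmod can return a non-zero value other than -1 (its return paths are mostly outside the hunks), the two disagree about what counts as loaded. After this change a failed load also forks modprobe again on every later call, including each call from compatible_revision. If that retry is intended, state it next to the assignment, for example `/* only cache success; a failed load is retried on the next call */`, and use one success test in both places. load_iptables_ko in the iptables.c hunk at -1849 has the same pattern.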
@@ -59,7 +59,7 @@ iptc_handle_t create_handle(const char *tablename, const char* modprobe ) if (!handle) { /* try to insmod the module if iptc_init failed */ - iptables_insmod("ip_tables", modprobe); + iptables_insmod("ip_tables", modprobe, 0); handle = iptc_init(tablename); } @@ -1149,7 +1149,7 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt) exit(1); } - load_iptables_ko(modprobe); + load_iptables_ko(modprobe, 1); strcpy(rev.name, name); rev.revision = revision; @@ -1813,10 +1813,10 @@ static char *get_modprobe(void) return NULL; } -int iptables_insmod(const char *modname, const char *modprobe) +int iptables_insmod(const char *modname, const char *modprobe, int quit) { char *buf = NULL; - char *argv[3]; + char *argv[4]; int status; /* If they don't explicitly set it, read out of kernel */ @@ -1831,7 +1831,13 @@ int iptables_insmod(const char *modname, const char *modprobe) case 0: argv[0] = (char *)modprobe; argv[1] = (char *)modname; - argv[2] = NULL; + if (quit) { + argv[2] = "-q"; + argv[3] = NULL; + } else { + argv[2] = NULL; + argv[3] = NULL; + } execv(argv[0], argv); /* not usually reached */ @@ -1849,14 +1855,14 @@ int iptables_insmod(const char *modname, const char *modprobe) return -1; } -int load_iptables_ko(const char *modprobe) +int load_iptables_ko(const char *modprobe, int quit) { static int loaded = 0; static int ret = -1; if (!loaded) { - ret = iptables_insmod("ip_tables", NULL); - loaded = 1; + ret = iptables_insmod("ip_tables", NULL, quit); + loaded = (ret == 0); } return ret; @@ -2442,7 +2448,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle) *handle = iptc_init(*table); /* try to insmod the module if iptc_init failed */ - if (!*handle && load_iptables_ko(modprobe) != -1) + if (!*handle && load_iptables_ko(modprobe, 0) != -1) *handle = iptc_init(*table); if (!*handle) |
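Review bot: In load_iptables_ko (hunk at -1849), the new call `iptables_insmod("ip_tables", NULL, quit)` still passes NULL instead of the function's `modprobe` parameter, unlike load_ip6tables_ko, which forwards it. A modprobe path supplied by the caller is therefore ignored on this path, and iptables_insmod falls back to the path it reads from the kernel. The binary that gets exec'd can then differ from the one the administrator selected. Since the line is being touched anyway, it should read `ret = iptables_insmod("ip_tables", modprobe, quit);`.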