Re: Automatically load modules in iptables-save

[Soren Hansen <soren@ubuntu.com>]

[-- Attachment #1: Type: text/plain, Size: 3368 bytes --]

On Thu, Mar 19, 2009 at 04:43:01PM +0100, Soren Hansen wrote:
> On Thu, Mar 19, 2009 at 03:31:25PM +0100, Jan Engelhardt wrote:
> >>How about the case where someone calls "iptables-save -t foo"? Should
> >>that just return an empty string and exit(0), should it attempt module
> >>load to see if that's even a valid table or something entirely
> >>different?
> > 
> > It should load x_tables.ko and the table... I have a suspicion
> > some unknown users might expect to see "*foo" when using -t.
> 
> Alright. This patch should make everyone happy, then..

Sorry, this is better:


Index: iptables-1.4.1.1/iptables-save.c
===================================================================
--- iptables-1.4.1.1.orig/iptables-save.c	2009-03-19 16:08:12.571341329 +0100
+++ iptables-1.4.1.1/iptables-save.c	2009-03-19 17:29:54.623322505 +0100
@@ -28,11 +28,12 @@
 	{.name = "counters", .has_arg = false, .val = 'c'},
 	{.name = "dump",     .has_arg = false, .val = 'd'},
 	{.name = "table",    .has_arg = true,  .val = 't'},
+	{.name = "modprobe", .has_arg = true,  .val = 'M'},
 	{NULL},
 };
 
 /* Debugging prototype. */
-static int for_each_table(int (*func)(const char *tablename))
+static int for_each_table(int (*func)(const char *tablename, const char *modprobe), const char *modprobe)
 {
 	int ret = 1;
 	FILE *procfile = NULL;
@@ -40,9 +41,7 @@
 
 	procfile = fopen("/proc/net/ip_tables_names", "r");
 	if (!procfile)
-		exit_error(OTHER_PROBLEM,
-			   "Unable to open /proc/net/ip_tables_names: %s\n",
-			   strerror(errno));
+		exit(0);
 
 	while (fgets(tablename, sizeof(tablename), procfile)) {
 		if (tablename[strlen(tablename) - 1] != '\n')
@@ -50,22 +49,27 @@
 				   "Badly formed tablename `%s'\n",
 				   tablename);
 		tablename[strlen(tablename) - 1] = '\0';
-		ret &= func(tablename);
+		ret &= func(tablename, modprobe);
 	}
 
 	return ret;
 }
 
 
-static int do_output(const char *tablename)
+static int do_output(const char *tablename, const char *modprobe)
 {
 	iptc_handle_t h;
 	const char *chain = NULL;
 
 	if (!tablename)
-		return for_each_table(&do_output);
+		return for_each_table(&do_output, modprobe);
 
 	h = iptc_init(tablename);
+	if (!h) {
+		load_xtables_ko(modprobe, 0);
+		h = iptc_init(tablename);
+	}
+
 	if (!h)
 		exit_error(OTHER_PROBLEM, "Can't initialize: %s\n",
 			   iptc_strerror(errno));
@@ -134,6 +138,7 @@
 #endif
 {
 	const char *tablename = NULL;
+	const char *modprobe = NULL;
 	int c;
 
 	program_name = "iptables-save";
@@ -152,8 +157,8 @@
 	init_extensions();
 #endif
 
-	while ((c = getopt_long(argc, argv, "bcdt:", options, NULL)) != -1) {
-		switch (c) {
+	while ((c = getopt_long(argc, argv, "bcdt:M:", options, NULL)) != -1) {
+	switch (c) {
 		case 'b':
 			show_binary = 1;
 			break;
@@ -166,8 +171,11 @@
 			/* Select specific table. */
 			tablename = optarg;
 			break;
+		case 'M':
+			modprobe = optarg;
+			break;
 		case 'd':
-			do_output(tablename);
+			do_output(tablename, modprobe);
 			exit(0);
 		}
 	}
@@ -177,5 +185,5 @@
 		exit(1);
 	}
 
-	return !do_output(tablename);
+	return !do_output(tablename, modprobe);
 }


-- 
Soren Hansen                 | 
Lead Virtualisation Engineer | Ubuntu Server Team
Canonical Ltd.               | http://www.ubuntu.com/

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 315 bytes --]