From: Victor Stinner <victor.stinner@inl.fr>
To: netfilter-devel@vger.kernel.org
Subject: iptables-save and /proc/net/ip_tables_names
Date: Thu, 18 Oct 2007 16:16:00 +0200 [thread overview]
Message-ID: <200710181616.00944.victor.stinner@inl.fr> (raw)
[-- Attachment #1: Type: text/plain, Size: 815 bytes --]
Hi,
I found a bug in iptables-save: when fopen("/proc/net/ip_tables_names") fails,
iptables-save just exit with code 0 (success). I expected an error to make
this command works together:
$ iptables-save > /tmp/iptables-backup
$ iptables (...)
$ iptables-restore > /tmp/iptables-backup
The problem is that ip_tables module is not loaded before first iptables
command.
Workaround: load iptables kernel modules before calling iptables-save or check
that iptables-save is not empty.
Bugfix in iptables-save: exit with error code (1) on fopen failure => see
attached patch proposition. The error message could be "iptables kernel
module is not loaded (unable to open ...)" or something better. The most
important point is the exit code to make my bash script work :-)
Victor Stinner
http://www.inl.fr/
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: iptables-save-tables_names.patch --]
[-- Type: text/x-diff; charset="us-ascii"; name="iptables-save-tables_names.patch", Size: 508 bytes --]
Index: iptables-save.c
===================================================================
--- iptables-save.c (révision 7079)
+++ iptables-save.c (copie de travail)
@@ -242,7 +242,9 @@
procfile = fopen("/proc/net/ip_tables_names", "r");
if (!procfile)
- return 0;
+ exit_error(OTHER_PROBLEM,
+ "Unable to open /proc/net/ip_tables_names: %s\n",
+ strerror(errno));
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
next reply other threads:[~2007-10-18 14:16 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-10-18 14:16 Victor Stinner [this message]
2007-10-18 14:23 ` iptables-save and /proc/net/ip_tables_names Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200710181616.00944.victor.stinner@inl.fr \
--to=victor.stinner@inl.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).