* iptables-save and /proc/net/ip_tables_names
@ 2007-10-18 14:16 Victor Stinner
2007-10-18 14:23 ` Patrick McHardy
0 siblings, 1 reply; 2+ messages in thread
From: Victor Stinner @ 2007-10-18 14:16 UTC
To: netfilter-devel
[-- Attachment #1: Type: text/plain, Size: 815 bytes --]
Hi,
I found a bug in iptables-save: when fopen("/proc/net/ip_tables_names") fails,
iptables-save just exits with code 0 (success). I expected an error to make
these commands work together:
$ iptables-save > /tmp/iptables-backup
$ iptables (...)
$ iptables-restore < /tmp/iptables-backup
The problem is that the ip_tables module is not loaded before the first iptables
command.
Workaround: load iptables kernel modules before calling iptables-save or check
that iptables-save is not empty.
Bugfix in iptables-save: exit with error code (1) on fopen failure => see
attached patch proposition. The error message could be "iptables kernel
module is not loaded (unable to open ...)" or something better. The most
important point is the exit code to make my bash script work :-)
Victor Stinner
http://www.inl.fr/
[-- Attachment #2: iptables-save-tables_names.patch --]
[-- Type: text/x-diff; charset="us-ascii"; name="iptables-save-tables_names.patch", Size: 508 bytes --]
Index: iptables-save.c
===================================================================
--- iptables-save.c (révision 7079)
+++ iptables-save.c (copie de travail)
@@ -242,7 +242,9 @@
procfile = fopen("/proc/net/ip_tables_names", "r");
if (!procfile)
- return 0;
+ exit_error(OTHER_PROBLEM,
+ "Unable to open /proc/net/ip_tables_names: %s\n",
+ strerror(errno));
while (fgets(tablename, sizeof(tablename), procfile)) {
if (tablename[strlen(tablename) - 1] != '\n')
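Review bot: In the added exit_error() call, the message carries only strerror(errno), so the case this patch targets (ip_tables not loaded, /proc/net/ip_tables_names absent) will surface as a bare "No such file or directory"; consider adding a hint that the iptables kernel module may not be loaded, as the cover text itself proposes. The hunk also starts using errno and strerror() without showing any include change, so confirm that iptables-save.c already includes <errno.h> and <string.h>.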
* Re: iptables-save and /proc/net/ip_tables_names
2007-10-18 14:16 iptables-save and /proc/net/ip_tables_names Victor Stinner
@ 2007-10-18 14:23 ` Patrick McHardy
0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2007-10-18 14:23 UTC
To: Victor Stinner; +Cc: netfilter-devel
Victor Stinner wrote:
> Hi,
>
> I found a bug in iptables-save: when fopen("/proc/net/ip_tables_names") fails,
> iptables-save just exits with code 0 (success). I expected an error to make
> these commands work together:
> $ iptables-save > /tmp/iptables-backup
> $ iptables (...)
> $ iptables-restore < /tmp/iptables-backup
>
> The problem is that the ip_tables module is not loaded before the first iptables
> command.
>
> Workaround: load iptables kernel modules before calling iptables-save or check
> that iptables-save is not empty.
>
> Bugfix in iptables-save: exit with error code (1) on fopen failure => see
> attached patch proposition. The error message could be "iptables kernel
> module is not loaded (unable to open ...)" or something better. The most
> important point is the exit code to make my bash script work :-)
Applied with a similar change for ip6tables-restore. Thanks Victor.
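
The workaround from the first message (treat an empty dump as a failure, for iptables-save builds that predate this fix), as an added example that is not part of the original thread or of the iptables code. `backup_ruleset` and the `fake_save_*` stand-ins are hypothetical names, and the `*table`/`COMMIT` check assumes the usual iptables-save dump layout.

```shell
# Added example (not from the thread). backup_ruleset DEST SAVE_CMD [ARGS...]
# Returns 0 on success, 1 if SAVE_CMD failed, 2 if the dump is empty or
# truncated. DEST is only replaced after the new dump has been validated.
backup_ruleset() {
    dest=$1; shift
    tmp=$(mktemp "${dest}.XXXXXX") || return 1   # created with mode 0600

    # Check the exit status explicitly instead of trusting the redirect.
    if ! "$@" > "$tmp"; then
        rm -f "$tmp"
        echo "backup_ruleset: '$1' failed, keeping old $dest" >&2
        return 1
    fi

    # Assumed dump layout: one "*table" line and one COMMIT line per table.
    # Zero tables is the exit-0-but-empty case reported in this thread.
    tables=$(grep -c '^\*' "$tmp" || true)
    commits=$(grep -c '^COMMIT$' "$tmp" || true)
    if [ "$tables" -eq 0 ] || [ "$tables" -ne "$commits" ]; then
        rm -f "$tmp"
        echo "backup_ruleset: empty or truncated dump, keeping old $dest" >&2
        return 2
    fi

    mv "$tmp" "$dest"
}

# Constructed stand-ins for iptables-save so the function can be exercised
# without root or a loaded ip_tables module.
fake_save_silent_empty() { return 0; }               # exit 0, no output
fake_save_fails() { printf '*filter\n'; return 1; }  # non-zero exit
fake_save_ok() { printf '*filter\n:INPUT ACCEPT [0:0]\nCOMMIT\n'; }

# Real use: backup_ruleset /tmp/iptables-backup iptables-save
```

Because the dump is validated before the `mv`, a failed or empty save never overwrites the last good backup.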