Added support for iptables-restore module-load-on-demand (a. van schie)
diff --git a/include/ip6tables.h b/include/ip6tables.h
index baa3677..9ac3835 100644
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -122,5 +122,6 @@
extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
+extern int ip6tables_insmod(const char *modname, const char *modprobe);
#endif /*_IP6TABLES_USER_H*/
diff --git a/include/iptables_common.h b/include/iptables_common.h
index 90ca74d..be9c550 100644
--- a/include/iptables_common.h
+++ b/include/iptables_common.h
@@ -11,6 +11,7 @@
extern void exit_tryhelp(int) __attribute__((noreturn));
int check_inverse(const char option[], int *invert);
extern int string_to_number(const char *, int, int);
+extern int iptables_insmod(const char *modname, const char *modprobe);
void exit_error(enum exittype, char *, ...)__attribute__((noreturn,
format(printf,2,3)));
extern const char *program_name, *program_version;
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index 9ebc577..f7a94f2 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -35,6 +35,7 @@
/* { "verbose", 1, 0, 'v' }, */
{ "help", 0, 0, 'h' },
{ "noflush", 0, 0, 'n'},
+ { "modprobe", 1, 0, 'M'},
{ 0 }
};
@@ -47,16 +48,24 @@
" [ --counters ]\n"
" [ --verbose ]\n"
" [ --help ]\n"
- " [ --noflush ]\n", name);
+ " [ --noflush ]\n"
+ " [ --modprobe=<command>]\n", name);
exit(1);
}
-ip6tc_handle_t create_handle(const char *tablename)
+ip6tc_handle_t create_handle(const char *tablename, const char* modprobe)
{
ip6tc_handle_t handle;
handle = ip6tc_init(tablename);
+
+ if (!handle) {
+ /* try to insmod the module if iptc_init failed */
+ ip6tables_insmod("ip6_tables", modprobe);
+ handle = ip6tc_init(tablename);
+ }
+
if (!handle) {
exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
"table '%s'\n", program_name, tablename);
@@ -79,11 +88,12 @@
char curtable[IP6T_TABLE_MAXNAMELEN + 1];
char curchain[IP6T_FUNCTION_MAXNAMELEN + 1];
FILE *in;
+ const char *modprobe = 0;
program_name = "ip6tables-restore";
program_version = NETFILTER_VERSION;
- while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
@@ -98,6 +108,9 @@
case 'n':
noflush = 1;
break;
+ case 'M':
+ modprobe = optarg;
+ break;
}
}
@@ -151,7 +164,7 @@
}
strncpy(curtable, table, IP6T_TABLE_MAXNAMELEN);
- handle = create_handle(table);
+ handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
diff --git a/ip6tables.c b/ip6tables.c
index caa8995..bce4b7b 100644
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -1545,7 +1545,7 @@
return NULL;
}
-static int ip6tables_insmod(const char *modname, const char *modprobe)
+int ip6tables_insmod(const char *modname, const char *modprobe)
{
char *buf = NULL;
char *argv[3];
diff --git a/iptables-restore.c b/iptables-restore.c
index e5a28f3..b6bcb7b 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -4,7 +4,7 @@
*
* This coude is distributed under the terms of GNU GPL
*
- * $Id: iptables-restore.c,v 1.11 2001/05/03 20:50:03 laforge Exp $
+ * $Id: iptables-restore.c,v 1.12 2001/05/26 04:41:56 laforge Exp $
*/
#include <getopt.h>
@@ -30,6 +30,7 @@
/* { "verbose", 1, 0, 'v' }, */
{ "help", 0, 0, 'h' },
{ "noflush", 0, 0, 'n'},
+ { "modprobe", 1, 0, 'M'},
{ 0 }
};
@@ -42,16 +43,24 @@
" [ --counters ]\n"
" [ --verbose ]\n"
" [ --help ]\n"
- " [ --noflush ]\n", name);
+ " [ --noflush ]\n"
+ " [ --modprobe=<command>]\n", name);
exit(1);
}
-iptc_handle_t create_handle(const char *tablename)
+iptc_handle_t create_handle(const char *tablename, const char* modprobe )
{
iptc_handle_t handle;
handle = iptc_init(tablename);
+
+ if (!handle) {
+ /* try to insmod the module if iptc_init failed */
+ iptables_insmod("ip_tables", modprobe);
+ handle = iptc_init(tablename);
+ }
+
if (!handle) {
exit_error(PARAMETER_PROBLEM, "%s: unable to initialize"
"table '%s'\n", program_name, tablename);
@@ -95,11 +104,12 @@
int c;
char curtable[IPT_TABLE_MAXNAMELEN + 1];
FILE *in;
+ const char *modprobe = 0;
program_name = "iptables-restore";
program_version = NETFILTER_VERSION;
- while ((c = getopt_long(argc, argv, "bcvhn", options, NULL)) != -1) {
+ while ((c = getopt_long(argc, argv, "bcvhnM:", options, NULL)) != -1) {
switch (c) {
case 'b':
binary = 1;
@@ -114,6 +124,9 @@
case 'n':
noflush = 1;
break;
+ case 'M':
+ modprobe = optarg;
+ break;
}
}
@@ -157,7 +170,7 @@
}
strncpy(curtable, table, IPT_TABLE_MAXNAMELEN);
- handle = create_handle(table);
+ handle = create_handle(table, modprobe);
if (noflush == 0) {
DEBUGP("Cleaning all chains of table '%s'\n",
table);
diff --git a/iptables.c b/iptables.c
index 5e7db06..e8ac265 100644
--- a/iptables.c
+++ b/iptables.c
@@ -1551,7 +1551,7 @@
return NULL;
}
-static int iptables_insmod(const char *modname, const char *modprobe)
+int iptables_insmod(const char *modname, const char *modprobe)
{
char *buf = NULL;
char *argv[3];