load ip_[6]tables.ko just before checking revision support in kernel.

diff --git a/include/ip6tables.h b/include/ip6tables.h
index 8fe7899b39d3a070b9c3c69108b7fb8ae3333a93..7907f66b4680af576da44ab008aa18b0f223431b 100644 (file)
--- a/include/ip6tables.h
+++ b/include/ip6tables.h
@@ -172,5 +172,6 @@ extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *
 extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
 extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
 extern int ip6tables_insmod(const char *modname, const char *modprobe);
+extern int load_ip6tables_ko(const char *modprobe);
 
 #endif /*_IP6TABLES_USER_H*/

diff --git a/include/iptables_common.h b/include/iptables_common.h
index 05516ac0f79b8000c9c22918dc6e2419e524eef4..6f7e4295ea8c9820599a3564344ad2566baaf6f7 100644 (file)
--- a/include/iptables_common.h
+++ b/include/iptables_common.h
@@ -28,6 +28,7 @@ extern int string_to_number_ll(const char *,
                            unsigned long long int,
                            unsigned long long *);
 extern int iptables_insmod(const char *modname, const char *modprobe);
+extern int load_iptables_ko(const char *modprobe);
 void exit_error(enum exittype, char *, ...)__attribute__((noreturn,
                                                          format(printf,2,3)));
 extern const char *program_name, *program_version;

diff --git a/ip6tables.c b/ip6tables.c
index 92e434cfdcb3145153ae7db569a07a07f3eb1fed..8bb7661b2e5e44f4df0d73202adb38551c2a9eff 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -193,6 +193,9 @@ const char *program_version;
 const char *program_name;
 char *lib_dir;
 
+/* the path to command to load kernel module */
+const char *modprobe = NULL;
+
 /* Keeping track of external matches and targets: linked lists.  */
 struct ip6tables_match *ip6tables_matches = NULL;
 struct ip6tables_target *ip6tables_targets = NULL;
@@ -1118,6 +1121,8 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
        strcpy(rev.name, name);
        rev.revision = revision;
 
+       load_ip6tables_ko(modprobe);
+
        max_rev = getsockopt(sockfd, IPPROTO_IPV6, opt, &rev, &s);
        if (max_rev < 0) {
                /* Definitely don't support this? */
@@ -1777,6 +1782,19 @@ int ip6tables_insmod(const char *modname, const char *modprobe)
        return -1;
 }
 
+int load_ip6tables_ko(const char *modprobe)
+{
+       static int loaded = 0;
+       static int ret = -1;
+
+       if (!loaded) {
+               ret = ip6tables_insmod("ip6_tables", modprobe);
+               loaded = 1;
+       }
+
+       return ret;
+}
+
 static struct ip6t_entry *
 generate_entry(const struct ip6t_entry *fw,
               struct ip6tables_rule_match *matches,
@@ -1855,7 +1873,6 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
        struct ip6tables_target *t;
        const char *jumpto = "";
        char *protocol = NULL;
-       const char *modprobe = NULL;
        int proto_used = 0;
 
        memset(&fw, 0, sizeof(fw));
@@ -2333,7 +2350,7 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
                *handle = ip6tc_init(*table);
 
        /* try to insmod the module if iptc_init failed */
-       if (!*handle && ip6tables_insmod("ip6_tables", modprobe) != -1)
+       if (!*handle && load_ip6tables_ko(modprobe) != -1)
                *handle = ip6tc_init(*table);
 
        if (!*handle)

diff --git a/iptables.c b/iptables.c
index bece359e9fc03180636cecf35756ee8051545dca..b627d3a194857e5e4ce11edeb188b434a30bc844 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -197,6 +197,9 @@ char *lib_dir;
 
 int kernel_version;
 
+/* the path to command to load kernel module */
+const char *modprobe = NULL;
+
 /* Keeping track of external matches and targets: linked lists.  */
 struct iptables_match *iptables_matches = NULL;
 struct iptables_target *iptables_targets = NULL;
@@ -1147,6 +1150,8 @@ static int compatible_revision(const char *name, u_int8_t revision, int opt)
                exit(1);
        }
 
+       load_iptables_ko(modprobe);
+
        strcpy(rev.name, name);
        rev.revision = revision;
 
@@ -1845,6 +1850,19 @@ int iptables_insmod(const char *modname, const char *modprobe)
        return -1;
 }
 
+int load_iptables_ko(const char *modprobe)
+{
+       static int loaded = 0;
+       static int ret = -1;
+
+       if (!loaded) {
+               ret = iptables_insmod("ip_tables", NULL);
+               loaded = 1;
+       }
+
+       return ret;
+}
+
 static struct ipt_entry *
 generate_entry(const struct ipt_entry *fw,
               struct iptables_rule_match *matches,
@@ -1938,7 +1956,6 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
        struct iptables_target *t;
        const char *jumpto = "";
        char *protocol = NULL;
-       const char *modprobe = NULL;
        int proto_used = 0;
 
        memset(&fw, 0, sizeof(fw));
@@ -2426,7 +2443,7 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
                *handle = iptc_init(*table);
 
        /* try to insmod the module if iptc_init failed */
-       if (!*handle && iptables_insmod("ip_tables", modprobe) != -1)
+       if (!*handle && load_iptables_ko(modprobe) != -1)
                *handle = iptc_init(*table);
 
        if (!*handle)