Implement IPTABLES_LIB_DIR and IP6TABLES_LIB_DIR environment variables, and set them...

diff --git a/ip6tables.c b/ip6tables.c
index 7cdf457279b60c67bf18d9657d5ec59fad1a8239..ced26a558c5412effdefe363fe0e6409e5c42374 100644 (file)
--- a/ip6tables.c
+++ b/ip6tables.c
@@ -204,6 +204,8 @@ static int inverse_for_options[NUMBER_OF_OPT] =
 const char *program_version;
 const char *program_name;
 
+static char *lib_dir;
+
 /* Keeping track of external matches and targets: linked lists.  */
 struct ip6tables_match *ip6tables_matches = NULL;
 struct ip6tables_target *ip6tables_targets = NULL;
@@ -732,12 +734,12 @@ find_match(const char *name, enum ip6t_tryload tryload, struct ip6tables_rule_ma
 
 #ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
-               char path[sizeof(IP6T_LIB_DIR) + sizeof("/libip6t_.so")
+               char path[strlen(lib_dir) + sizeof("/libip6t_.so")
                         + strlen(name)];
                if (!icmphack)
-                       sprintf(path, IP6T_LIB_DIR "/libip6t_%s.so", name);
+                       sprintf(path, "%s/libip6t_%s.so", lib_dir, name);
                else
-                       sprintf(path, IP6T_LIB_DIR "/libip6t_%s.so", "icmpv6");
+                       sprintf(path, "%s/libip6t_%s.so", lib_dir, "icmpv6");
                if (dlopen(path, RTLD_NOW)) {
                        /* Found library.  If it didn't register itself,
                           maybe they specified target as match. */
@@ -985,9 +987,9 @@ find_target(const char *name, enum ip6t_tryload tryload)
 
 #ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
-               char path[sizeof(IP6T_LIB_DIR) + sizeof("/libip6t_.so")
+               char path[strlen(lib_dir) + sizeof("/libip6t_.so")
                         + strlen(name)];
-               sprintf(path, IP6T_LIB_DIR "/libip6t_%s.so", name);
+               sprintf(path, "%s/libip6t_%s.so", lib_dir, name);
                if (dlopen(path, RTLD_NOW)) {
                        /* Found library.  If it didn't register itself,
                           maybe they specified match as a target. */
@@ -1721,6 +1723,10 @@ int do_command6(int argc, char *argv[], char **table, ip6tc_handle_t *handle)
 
        memset(&fw, 0, sizeof(fw));
 
+       lib_dir = getenv("IP6TABLES_LIB_DIR");
+       if (!lib_dir)
+               lib_dir = IP6T_LIB_DIR;
+
        /* re-set optind to 0 in case do_command gets called
         * a second time */
        optind = 0;

diff --git a/iptables.c b/iptables.c
index 12fe316d1a30c5c7c6552f4c5a051763f320a732..c6f19c229a4f58a640e2c2a3f64a5686f48b4ef3 100644 (file)
--- a/iptables.c
+++ b/iptables.c
@@ -218,6 +218,8 @@ struct pprot {
        u_int8_t num;
 };
 
+static char *lib_dir;
+
 /* Primitive headers... */
 /* defined in netinet/in.h */
 #if 0
@@ -675,9 +677,9 @@ find_match(const char *name, enum ipt_tryload tryload, struct iptables_rule_matc
 
 #ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
-               char path[sizeof(IPT_LIB_DIR) + sizeof("/libipt_.so")
+               char path[strlen(lib_dir) + sizeof("/libipt_.so")
                         + strlen(name)];
-               sprintf(path, IPT_LIB_DIR "/libipt_%s.so", name);
+               sprintf(path, "%s/libipt_%s.so", lib_dir, name);
                if (dlopen(path, RTLD_NOW)) {
                        /* Found library.  If it didn't register itself,
                           maybe they specified target as match. */
@@ -985,9 +987,9 @@ find_target(const char *name, enum ipt_tryload tryload)
 
 #ifndef NO_SHARED_LIBS
        if (!ptr && tryload != DONT_LOAD) {
-               char path[sizeof(IPT_LIB_DIR) + sizeof("/libipt_.so")
+               char path[strlen(lib_dir) + sizeof("/libipt_.so")
                         + strlen(name)];
-               sprintf(path, IPT_LIB_DIR "/libipt_%s.so", name);
+               sprintf(path, "%s/libipt_%s.so", lib_dir, name);
                if (dlopen(path, RTLD_NOW)) {
                        /* Found library.  If it didn't register itself,
                           maybe they specified match as a target. */
@@ -1718,6 +1720,10 @@ int do_command(int argc, char *argv[], char **table, iptc_handle_t *handle)
 
        memset(&fw, 0, sizeof(fw));
 
+       lib_dir = getenv("IPTABLES_LIB_DIR");
+       if (!lib_dir)
+               lib_dir = IPT_LIB_DIR;
+
        /* re-set optind to 0 in case do_command gets called
         * a second time */
        optind = 0;