From 37df903ae8efd88d740b1ed8cc2e0ae384226dd6 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Sun, 6 Nov 2016 16:47:23 +0100
Subject: [PATCH] iptables: rework extension loader

Now that we wrap xtables_register_match() and xtables_register_target() we do not need to load the extensions ourselves anymore since there is no need to keep the library handles for dlclose(). Switch to libxtables own loader by invoking xtables_find_match() and xtables_find_target() with XTF_TRY_LOAD .

Signed-off-by: Jo-Philipp Wich
---
 iptables.c | 46 +++++++++-------------------------------------
 1 file changed, 9 insertions(+), 37 deletions(-)

diff --git a/iptables.c b/iptables.c
index fc22d1a..b574f8d 100644
--- a/iptables.c
+++ b/iptables.c
@@ -535,36 +535,14 @@ get_protoname(struct fw3_ipt_rule *r)
 return NULL;
 }

-static bool
-load_extension(struct fw3_ipt_handle *h, const char *name)
-{
- char path[256];
- void *lib;
- const char *pfx = (h->family == FW3_FAMILY_V6) ? "libip6t" : "libipt";
-
- xext.retain = true;
-
- snprintf(path, sizeof(path), "/usr/lib/iptables/libxt_%s.so", name);
- if (!(lib = dlopen(path, RTLD_NOW)))
- {
- snprintf(path, sizeof(path), "/usr/lib/iptables/%s_%s.so", pfx, name);
- lib = dlopen(path, RTLD_NOW);
- }
-
- xext.retain = false;
-
- return !!lib;
-}
-
 static struct xtables_match *
 find_match(struct fw3_ipt_rule *r, const char *name)
 {
 struct xtables_match *m;

- m = xtables_find_match(name, XTF_DONT_LOAD, &r->matches);
-
- if (!m && load_extension(r->h, name))
- m = xtables_find_match(name, XTF_DONT_LOAD, &r->matches);
+ xext.retain = true;
+ m = xtables_find_match(name, XTF_TRY_LOAD, &r->matches);
+ xext.retain = false;

 return m;
 }
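Review bot: In find_match, extension objects are no longer opened from the fixed `/usr/lib/iptables/` paths that the removed load_extension() built; `XTF_TRY_LOAD` hands path resolution to libxtables, whose search directory is normally taken from `XTABLES_LIBDIR` in the environment before the compiled-in default. Because this loads shared objects into the process that programs the firewall, it is worth confirming that every caller starts it with a controlled environment, and recording the dependency next to the call, e.g. `/* libxtables resolves and dlopen()s the extension from its own libdir, not a fixed path */`. The `xext.retain = true; ... xext.retain = false;` bracket also clears the flag unconditionally, so it presumably relies on never being entered while the flag is already set. The definition of `xext` is outside this hunk, so a one-line comment saying what `retain` protects would help the next reader.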
@@ -630,20 +608,14 @@ find_target(struct fw3_ipt_rule *r, const char *name)
 {
 struct xtables_target *t;

- if (is_chain(r->h, name)) {
- t = xtables_find_target(XT_STANDARD_TARGET, XTF_DONT_LOAD);
-
- if (t)
- return t;
-
- load_extension(r->h, "standard");
- return xtables_find_target(XT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED);
- }
+ xext.retain = true;

- t = xtables_find_target(name, XTF_DONT_LOAD);
+ if (is_chain(r->h, name))
+ t = xtables_find_target(XT_STANDARD_TARGET, XTF_TRY_LOAD);
+ else
+ t = xtables_find_target(name, XTF_TRY_LOAD);

- if (!t && load_extension(r->h, name))
- t = xtables_find_target(name, XTF_DONT_LOAD);
+ xext.retain = false;

 return t;
 }
--
2.11.0
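Review bot: In find_target, the chain-jump branch used to end in `XTF_LOAD_MUST_SUCCEED`, which libxtables treats as a fatal error rather than returning NULL; with `XTF_TRY_LOAD` on both branches the function can now return NULL for a jump to a user chain as well. The callers are outside this hunk, so it cannot be confirmed here that they check the result. If one does not, a failed load of the standard target becomes a NULL dereference or a silently skipped rule instead of a hard stop, and for a firewall a rule that quietly goes missing is the worse outcome. Either keep the strict flag on the chain branch, `t = xtables_find_target(XT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED);`, or state in a comment above the function that NULL is a possible result for every target name and must be handled.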