1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
https://bugs.gentoo.org/558234
http://git.netfilter.org/iptables/commit/?id=825fbda5482a7d5ec5a6619c81fe07ff865c7d6e
From 825fbda5482a7d5ec5a6619c81fe07ff865c7d6e Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Fri, 5 Sep 2014 20:45:56 +0200
Subject: [PATCH] extensions: libxt_connlabel: do not open config file from
_init hook
else, static builds will print this for every iptables invocation,
even 'iptables -L'. Delay open until we need to translate a mapping.
Reported-by: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
extensions/libxt_connlabel.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/extensions/libxt_connlabel.c b/extensions/libxt_connlabel.c
index c84a167..1f83095 100644
--- a/extensions/libxt_connlabel.c
+++ b/extensions/libxt_connlabel.c
@@ -29,11 +29,26 @@ static const struct xt_option_entry connlabel_mt_opts[] = {
XTOPT_TABLEEND,
};
+/* cannot do this via _init, else static builds might spew error message
+ * for every iptables invocation.
+ */
+static void connlabel_open(void)
+{
+ if (map)
+ return;
+
+ map = nfct_labelmap_new(NULL);
+ if (!map && errno)
+ xtables_error(RESOURCE_PROBLEM, "cannot open connlabel.conf: %s\n",
+ strerror(errno));
+}
+
static void connlabel_mt_parse(struct xt_option_call *cb)
{
struct xt_connlabel_mtinfo *info = cb->data;
int tmp;
+ connlabel_open();
xtables_option_parse(cb);
switch (cb->entry->id) {
@@ -54,7 +69,11 @@ static void connlabel_mt_parse(struct xt_option_call *cb)
static const char *connlabel_get_name(int b)
{
- const char *name = nfct_labelmap_get_name(map, b);
+ const char *name;
+
+ connlabel_open();
+
+ name = nfct_labelmap_get_name(map, b);
if (name && strcmp(name, ""))
return name;
return NULL;
@@ -114,11 +133,5 @@ static struct xtables_match connlabel_mt_reg = {
void _init(void)
{
- map = nfct_labelmap_new(NULL);
- if (!map) {
- fprintf(stderr, "cannot open connlabel.conf, not registering '%s' match: %s\n",
- connlabel_mt_reg.name, strerror(errno));
- return;
- }
xtables_register_match(&connlabel_mt_reg);
}
--
2.4.4
|
GitWeb