iptables: rework extension loader
authorJo-Philipp Wich <jo@mein.io>
Sun, 6 Nov 2016 15:47:23 +0000 (16:47 +0100)
committerJo-Philipp Wich <jo@mein.io>
Sun, 6 Nov 2016 15:47:23 +0000 (16:47 +0100)
Now that we wrap xtables_register_match() and xtables_register_target() we do
not need to load the extensions ourselves anymore since there is no need to
keep the library handles for dlclose().

Switch to libxtables' own loader by invoking xtables_find_match() and
xtables_find_target() with XTF_TRY_LOAD.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
iptables.c

index fc22d1aae7bcb2e7ca763ab53a19d6b1eb42eff7..b574f8dc747307b1375bb745ec2c18c928e036e0 100644 (file)
@@ -535,36 +535,14 @@ get_protoname(struct fw3_ipt_rule *r)
        return NULL;
 }
 
-static bool
-load_extension(struct fw3_ipt_handle *h, const char *name)
-{
-       char path[256];
-       void *lib;
-       const char *pfx = (h->family == FW3_FAMILY_V6) ? "libip6t" : "libipt";
-
-       xext.retain = true;
-
-       snprintf(path, sizeof(path), "/usr/lib/iptables/libxt_%s.so", name);
-       if (!(lib = dlopen(path, RTLD_NOW)))
-       {
-               snprintf(path, sizeof(path), "/usr/lib/iptables/%s_%s.so", pfx, name);
-               lib = dlopen(path, RTLD_NOW);
-       }
-
-       xext.retain = false;
-
-       return !!lib;
-}
-
 static struct xtables_match *
 find_match(struct fw3_ipt_rule *r, const char *name)
 {
        struct xtables_match *m;
 
-       m = xtables_find_match(name, XTF_DONT_LOAD, &r->matches);
-
-       if (!m && load_extension(r->h, name))
-               m = xtables_find_match(name, XTF_DONT_LOAD, &r->matches);
+       xext.retain = true;
+       m = xtables_find_match(name, XTF_TRY_LOAD, &r->matches);
+       xext.retain = false;
 
        return m;
 }
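Review bot: With `XTF_TRY_LOAD` in find_match (and likewise in find_target in the next hunk), extensions are no longer dlopen()ed from the hard-coded `/usr/lib/iptables` that the removed load_extension() used. They now come from libxtables' own search path, which xtables_init() takes from the `XTABLES_LIBDIR` environment variable when it is set. If this code runs with elevated privileges, which is likely for a firewall tool but not visible here, an inherited environment now decides which shared objects get loaded into the process. Consider pinning the path before the program calls xtables_init() (outside this hunk), e.g. `setenv("XTABLES_LIBDIR", "/usr/lib/iptables", 1);`, or add a comment stating that the environment is trusted at this point.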
@@ -630,20 +608,14 @@ find_target(struct fw3_ipt_rule *r, const char *name)
 {
        struct xtables_target *t;
 
-       if (is_chain(r->h, name)) {
-               t = xtables_find_target(XT_STANDARD_TARGET, XTF_DONT_LOAD);
-
-               if (t)
-                       return t;
-
-               load_extension(r->h, "standard");
-               return xtables_find_target(XT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED);
-       }
+       xext.retain = true;
 
-       t = xtables_find_target(name, XTF_DONT_LOAD);
+       if (is_chain(r->h, name))
+               t = xtables_find_target(XT_STANDARD_TARGET, XTF_TRY_LOAD);
+       else
+               t = xtables_find_target(name, XTF_TRY_LOAD);
 
-       if (!t && load_extension(r->h, name))
-               t = xtables_find_target(name, XTF_DONT_LOAD);
+       xext.retain = false;
 
        return t;
 }
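Review bot: The chain branch of find_target can now return NULL, because it previously ended in `xtables_find_target(XT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED)` and now uses `XTF_TRY_LOAD`. With the old flag libxtables reported a missing standard target through its fatal error handler instead of returning. The function's signature is in the hunk header and its callers are outside the hunk, so confirm that every caller checks the result before using it for a jump to a user chain. If a missing standard target should stay a hard failure, keep the stricter flag for that branch only: `t = xtables_find_target(XT_STANDARD_TARGET, XTF_LOAD_MUST_SUCCEED);`.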