[PATCH] firewall3: remove unnecessary fw3_has_table

Rui Salvaterra rsalvaterra at gmail.com
Fri Feb 11 01:04:08 PST 2022


Hi, Wenli,

On Thu, 10 Feb 2022 at 19:19, Wenli Looi <wlooi at ucalgary.ca> wrote:
>
> Hi Rui and Ansuel,
>
> Can you take a look at this patch I sent a while ago for firewall3? I
> think it is a better solution for the problem in kernel 5.15+ that is
> identified here.
>
> http://lists.openwrt.org/pipermail/openwrt-devel/2022-January/037534.html
>
> Note that Ansuel's commit also seems to fix the problem with
> LXC/LXD/Docker, because poking the table with fw3_ipt_open makes it
> show up in ip_tables_names under Linux containers. However, as stated
> in the commit, I don't think we need to check ip_tables_names at all?

[patch snipped]

Does this still work when a table missing from the system? In other
words, when a table is compiled as a module, available in an
installable kernel package, but not installed in the system by default
(as is the case for the raw table in the kmod-ipt-raw package)? That's
the point of fw3_has_table, to check if a table exists in the system
before using it.

Thanks,
Rui



More information about the openwrt-devel mailing list