From 3624c3786601699b6e7f9d18209fad0d7c6fe4e9 Mon Sep 17 00:00:00 2001 From: Ansuel Smith Date: Fri, 7 Jan 2022 18:22:17 +0100 Subject: firewall3: support table load on access on Linux 5.15+ With Linux 5.15+, tables are loaded on access. Firewall3 uses the ip{,6}_tables_names proc entries to check if a table exists. In this new implementation, the proc entries can contain wrong data if a table is present but never used, and firewall3 will incorrectly think that the table is unavailable. This causes configuration problems, since after a normal boot the proc entries contain only the "filter" table and are missing "raw", "mangle" and "nat". To fix this, "poke" the tables to load them, simply by opening and closing them without doing any operation. This simple operation is sufficient to make the missing tables appear in the proc entries. Signed-off-by: Ansuel Smith [Reword the commit message and code comment] Signed-off-by: Rui Salvaterra --- main.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/main.c b/main.c index 7ad00b4..9afeb70 100644 --- a/main.c +++ b/main.c @@ -266,6 +266,17 @@ start(void) continue; } + /* Linux 5.15+: make sure the tables are loaded and + * /proc/net/ip{,6}_tables_names are thus populated. + */ + for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++) + { + if (!(handle = fw3_ipt_open(family, table))) + continue; + + fw3_ipt_close(handle); + } + for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++) { if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table])) -- cgit v1.2.1
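Review bot: In the added loop in start(), a failed `fw3_ipt_open(family, table)` is skipped with a bare `continue`, so a table that could not be loaded is indistinguishable from one the kernel does not provide, and the following `fw3_has_table()` check will quietly drop its rules. For a firewall, losing "raw", "mangle" or "nat" without any message is the failure mode the commit message describes, so consider emitting a warning that names the family and table when the open fails. The poke could also be folded into the existing loop just before the `fw3_has_table()` call rather than iterating over the tables twice. The diffstat shows the change only in start(); if other entry points also rely on `fw3_has_table()`, they would see the same unpopulated proc entries when run before start().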