* Problem with extended-match deletion
@ 2003-08-18 15:34 Massimiliano Cuzzoli
From: Massimiliano Cuzzoli @ 2003-08-18 15:34 UTC (permalink / raw)
To: netfilter-devel
Hi all,
I've written a new match for iptables 1.2.7a.
All features, that I've implemented in it, run very well but
there is a problem when I try to remove the rule with my match.
I execute iptables command with "-D" option and the same parameters of
rule insertion.
EXAMPLE:
Insert:
$> iptables -I PREROUTING -t mangle -m my_match --my_option -j DROP
Delete:
$> iptables -D PREROUTING -t mangle -m my_match --my_option -j DROP
Then I've received the following message:
"iptables: Bad rule (does a matching rule exist in that chain?)"
There isn't any problem if I remove the rule with a FLUSH operation "-F".
Can Anybody help me???
Regards,
Mike-Ro-Chanel
* Re: Problem with extended-match deletion
@ 2003-08-19 13:37 ` Massimiliano Cuzzoli
From: Massimiliano Cuzzoli @ 2003-08-19 13:37 UTC (permalink / raw)
To: Sumit Pandya; +Cc: netfilter-devel
Hi Sumit,
I try to write a kernel module similar to ipt_limit.c:
-->>> My match structure is:
struct ipt_bwctrl_info {
    unsigned long rate;          /* in Kbit/sec */
    unsigned long mark;
    unsigned long burst;         /* in Kbit */
    unsigned long old_tstamp;
    unsigned long bit_burst;     /* in bit */
    unsigned long bit_bonus;     /* in bit */
    unsigned long bit_per_jiffy; /* in bit */
    /* As master field of ipt_limit.h !!!! */
    struct ipt_bwctrl_info *original;
};
-->>> My check_entry function:
static int bwcontrol_checkentry(const char *tablename,
                                const struct ipt_ip *ip,
                                void *matchinfo, unsigned int matchsize,
                                unsigned int hookmask) {
    struct ipt_bwctrl_info *bw_info;
    if (matchsize!=IPT_ALIGN(sizeof(struct ipt_bwctrl_info))) {
        return(0);
    }
    bw_info=(struct ipt_bwctrl_info *) matchinfo;
    /* Init *bw_info fields... */
    /* ........................*/
    bw_info->original=bw_info; /* for SMP */
    return(1);
}
-->>> My match function:
static int bwcontrol_match(const struct sk_buff *skb,
                           const struct net_device *in,
                           const struct net_device *out,
                           const void *matchinfo, int offset,
                           const void *hdr, u_int16_t datalen,
                           int *hotdrop) {
    struct ipt_bwctrl_info *bw_info;
    bw_info=((struct ipt_bwctrl_info *) matchinfo)->original; /* for SMP */
    spin_lock_bh(&bwcontrol_lock); /* SMP lock */
    /* Match controls ......... */
    /* ........................ */
    spin_unlock_bh(&bwcontrol_lock); /* SMP unlock */
    return(1);
}
Regards.
Sumit Pandya wrote:
>>Date: Mon, 18 Aug 2003 17:34:40 +0200
>>From: Massimiliano Cuzzoli <mcuzzoli@mbigroup.it>
>>
>>Hi all,
>
> Hi
>
>>I've written a new match for iptables 1.2.7a.
>
> Will you write more details? Some of its intended purpose ;-)
>
>>All features, that I've implemented in it, run very well but
>>there is a problem when I try to remove the rule with my match.
>
> Are you sure you are not changing (void*) matchinfo structure from matchentry
> function within kernel module?
>
>>Can Anybody help me???
>
> Hope this helps :-)
> -- Sumit
* Re: Problem with extended-match deletion
@ 2003-08-19 14:14 ` Massimiliano Cuzzoli
From: Massimiliano Cuzzoli @ 2003-08-19 14:14 UTC (permalink / raw)
To: Sumit Pandya; +Cc: netfilter-devel
Ok Sumit,
now perhaps I've found my error:
I define:
static struct iptables_match bwcontrol = {
    NULL,
    "bwcontrol",
    NETFILTER_VERSION,
    IPT_ALIGN(sizeof(struct ipt_bwctrl_info)),
-->>>> IPT_ALIGN(sizeof(struct ipt_bwctrl_info)),
    &help_bwcontrol,
    &init_bwcontrol,
    &parse_bwcontrol,
    &final_check,
    &print_bwcontrol,
    &save_bwcontrol,
    opts
};
Thank you very much!!!
Sumit Pandya wrote:
> I think you have overlooked some text from my previous reply
>
>>>Are you sure you are not changing (void*) matchinfo structure from matchentry
>>>function within kernel module?
>
> From your reply it seems that bwcontrol_checkentry is doing what I
> doubted. If it is so then in your userland library you need this kind of
> definition
> static struct iptables_match bwcontrol = {
>     NULL,
>     "bwcontrol",
>     NETFILTER_VERSION,
>     IPT_ALIGN(sizeof(struct ipt_bwctrl_info)),
>     offsetof(struct ipt_bwctrl_info, original),
>     &help_bwcontrol,
>     &init_bwcontrol,
>     &parse_bwcontrol,
>     &final_check,
>     &print_bwcontrol,
>     &save_bwcontrol,
>     opts
> };
> --Sumit
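
Added example (not part of the thread and not iptables code): a simplified C model of the masked byte comparison that "iptables -D" applies to the first userspacesize bytes of the match data, using the struct posted in the thread. The helper names, the sample values and the assumption that the kernel updates old_tstamp at match time are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same field order as the struct posted in the thread. */
struct ipt_bwctrl_info {
    unsigned long rate, mark, burst;      /* set from the command line */
    unsigned long old_tstamp, bit_burst, bit_bonus, bit_per_jiffy;
    struct ipt_bwctrl_info *original;     /* written by checkentry */
};

/* Simplified model of the delete comparison: only the first
 * userspacesize bytes of the match data are covered by the mask. */
static int same_for_delete(const void *user, const void *kern,
                           size_t size, size_t userspacesize)
{
    const unsigned char *u = user, *k = kern;
    for (size_t i = 0; i < size; i++) {
        unsigned char mask = (i < userspacesize) ? 0xFF : 0x00;
        if ((u[i] ^ k[i]) & mask)
            return 0;   /* a compared byte differs: "Bad rule" */
    }
    return 1;
}

/* Constructed scenario: returns 1 if -D would find the rule. */
static int delete_finds_rule(size_t userspacesize, int kernel_updates_state)
{
    struct ipt_bwctrl_info user, kern;

    memset(&user, 0, sizeof(user));
    user.rate = 512;                 /* constructed sample values */
    user.burst = 64;
    kern = user;                     /* rule as it was inserted */
    kern.original = &kern;           /* what bwcontrol_checkentry does */
    if (kernel_updates_state)
        kern.old_tstamp = 123456;    /* assumed match-time update */
    return same_for_delete(&user, &kern, sizeof(user), userspacesize);
}

int main(void)
{
    size_t full = sizeof(struct ipt_bwctrl_info);
    size_t cut = offsetof(struct ipt_bwctrl_info, original);

    printf("userspacesize = full size:         %d\n", delete_finds_rule(full, 0));
    printf("userspacesize = offsetof original: %d\n", delete_finds_rule(cut, 0));
    printf("same, kernel also wrote old_tstamp: %d\n", delete_finds_rule(cut, 1));
    return 0;
}
```

The third case shows that offsetof(..., original) only helps when every kernel-written field sits at or after that offset, which is the layout ipt_limit.h uses for its kernel-internal fields.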