Re: Problem with extended-match deletion

All of lore.kernel.org
 help / color / mirror / Atom feed

* Re: Problem with extended-match deletion
       [not found] ` <012a01c36651$0889f970$010f430a@elite.co.in>
@ 2003-08-19 13:37   ` Massimiliano Cuzzoli
       [not found]     ` <018401c36659$e505a220$010f430a@elite.co.in>
  0 siblings, 1 reply; 3+ messages in thread
From: Massimiliano Cuzzoli @ 2003-08-19 13:37 UTC (permalink / raw)
  To: Sumit Pandya; +Cc: netfilter-devel

Hi Sumit,
I try to write a kernel module similar to ipt_limit.c:

-->>> My match structure is:
struct ipt_bwctrl_info {
   unsigned long rate;  /* in Kbit/sec */
   unsigned long mark;
   unsigned long burst; /* in Kbit */

   unsigned long old_tstamp;
   unsigned long bit_burst; /* in bit */
   unsigned long bit_bonus; /* in bit */
   unsigned long bit_per_jiffy; /* in bit */

   /* As master field of ipt_limit.h !!!! */
   struct ipt_bwctrl_info *original;
};

-->>> My check_entry function:
static int bwcontrol_checkentry(const char *tablename, const struct 
ipt_ip *ip,
				void *matchinfo, unsigned int matchsize,
				unsigned int hookmask) {

   struct ipt_bwctrl_info *bw_info;

   if (matchsize!=IPT_ALIGN(sizeof(struct ipt_bwctrl_info))) {
     return(0);
   }

   bw_info=(struct ipt_bwctrl_info *) matchinfo;

   /* Init *bw_info fields... */
   /* ........................*/

   bw_info->original=bw_info; /* for SMP */

   return(1);
}

-->>> My match function:
static int bwcontrol_match(const struct sk_buff *skb,
			   const struct net_device *in,
			   const struct net_device *out,
			   const void *matchinfo, int offset,
			   const void *hdr, u_int16_t datalen,
			   int *hotdrop) {

   struct ipt_bwctrl_info *bw_info;

   bw_info=((struct ipt_bwctrl_info *) matchinfo)->original; /*for SMP*/

   spin_lock_bh(&bwcontrol_lock); /* SMP lock */

   /* Match controls ......... */
   /* ........................ */

   spin_unlock_bh(&bwcontrol_lock); /* SMP unlock */

   return(1);
}

Regards.

Sumit Pandya has wrote:
>>Date: Mon, 18 Aug 2003 17:34:40 +0200
>>From: Massimiliano Cuzzoli <mcuzzoli@mbigroup.it>
>>
>>Hi all,
> 
> Hi
> 
>>I've wrote a new match for iptables 1.2.7a.
> 
> Will you write more details? Some of its intended purpose ;-)
> 
>>All features, that I've implemented in it, run very well but
>>there is a problem when I try to remove the rule with my match.
> 
> Are you sure you not changing (void*) matchinfo structure from matchentry
> function within kernel module?
> 
>>Can Anybody help me???
> 
> Hope this helps :-)
> -- Sumit

^ permalink raw reply	[flat|nested] 3+ messages in thread

[parent not found: <018401c36659$e505a220$010f430a@elite.co.in>]

* Re: Problem with extended-match deletion
       [not found]     ` <018401c36659$e505a220$010f430a@elite.co.in>
@ 2003-08-19 14:14       ` Massimiliano Cuzzoli
  0 siblings, 0 replies; 3+ messages in thread
From: Massimiliano Cuzzoli @ 2003-08-19 14:14 UTC (permalink / raw)
  To: Sumit Pandya; +Cc: netfilter-devel

Ok Sumit,
now perhaps I've found my error:
I define:

static struct iptables_match bwcontrol = {
         NULL,
         "bwcontrol",
         NETFILTER_VERSION,
         IPT_ALIGN(sizeof(struct ipt_bwctrl_info)),
-->>>>  IPT_ALIGN(sizeof(struct ipt_bwctrl_info)),
         &help_bwcontrol,
         &init_bwcontrol,
         &parse_bwcontrol,
         &final_check,
         &print_bwcontrol,
         &save_bwcontrol,
         opts
};

Thank you very much!!!

Sumit Pandya wrote:
> I think you have overlooked some text from my previous reply
> 
>>>Are you sure you not changing (void*) matchinfo structure from
> 
> matchentry
> 
>>>function within kernel module?
> 
>     From your reply it seems that bwcontrol_checkentry is doing what I
> doubted. If it is so then in your userland library you need this kind of
> defination
> static
> struct iptables_match bwcontrol = {
>         NULL,
>         "bwcontrol",
>         NETFILTER_VERSION,
>         IPT_ALIGN(sizeof(struct ipt_bwctrl_info)),
>         offsetof(struct ipt_bwctrl_info, original),
>         &help_bwcontrol,
>         &init_bwcontrol,
>         &parse_bwcontrol,
>         &final_check,
>         &print_bwcontrol,
>         &save_bwcontrol,
>         opts
> };
> --Sumit

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Problem with extended-match deletion
@ 2003-08-18 15:34 Massimiliano Cuzzoli
  0 siblings, 0 replies; 3+ messages in thread
From: Massimiliano Cuzzoli @ 2003-08-18 15:34 UTC (permalink / raw)
  To: netfilter-devel

Hi all,
I've wrote a new match for iptables 1.2.7a.
All features, that I've implemented in it, run very well but
there is a problem when I try to remove the rule with my match.
I execute iptables command with "-D" option and the same parameters of 
rule insertion.

EXAMPLE:

Insert:
$> iptables -I PREROUTING -t mangle -m my_match --my_option -j DROP

Delete:
$> iptables -D PREROUTING -t mangle -m my_match --my_option -j DROP

Then I've received the following message:

"iptables: Bad rule (does a matching rule exist in that chain?)"

There isn't any problem if I remove the rule with a FLUSH operation "-F".

Can Anybody help me???

Regards,

	Mike-Ro-Chanel

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2003-08-19 14:14 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20030819102424.16725.44717.Mailman@kashyyyk>
     [not found] ` <012a01c36651$0889f970$010f430a@elite.co.in>
2003-08-19 13:37   ` Problem with extended-match deletion Massimiliano Cuzzoli
     [not found]     ` <018401c36659$e505a220$010f430a@elite.co.in>
2003-08-19 14:14       ` Massimiliano Cuzzoli
2003-08-18 15:34 Massimiliano Cuzzoli

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.