iptables_target and unknown size data.

iptables_target and unknown size data.

[Emmanuel Guiton]

Hei!

I am writing an iptables extension. It's a new target. My problem is 
that I need to use a linked list whose size is unknown when registering 
the target. As I am not very familiar with the alignment problems, I am 
wondering if it can cause any trouble?

To be a bit more concrete, is the following ok?

struct ipt_sd_host
{
    struct in_addr    address;
    int                port;            
    struct ipt_sd_host    *next_host;
};

struct ip_new_targ_data
{
    struct ipt_sd_host   *host_list;
    int                            min_port;
    int                            max_port;
};

static
struct iptables_target my_new_target
= { NULL,
    "NEWTARG",
    IPTABLES_VERSION,
    IPT_ALIGN(sizeof(struct ip_new_targ_data)),
    IPT_ALIGN(sizeof(struct ip_new_targ_data)),
    &help,
    &init,
    &parse,
    &final_check,
    &print,
    &save,
    opts
};


                 Emmanuel

Re: iptables_target and unknown size data.

[Henrik Nordstrom]

On Wed, 26 Nov 2003, Emmanuel Guiton wrote:

> I am writing an iptables extension. It's a new target. My problem is 
> that I need to use a linked list whose size is unknown when registering 
> the target. As I am not very familiar with the alignment problems, I am 
> wondering if it can cause any trouble?

Not sure doing this is even possible. The target/match size needs to be 
static in iptables extensions.

What surely is possible is to have the list loaded into another module via 
/proc or something, and then look up the list in the check() function of 
the target/match.

Extending iptables to support variable sized targets/matches is possible 
bu simply dropping the size checks from ip_tables.c and extending the 
userspace to allow matches/extensions to grow their data, but you will 
need to encode the data using offsets not pointers.

Regards
Henrik