From: Brad Fisher <brad@info-link.net>
To: Henrik Nordstrom <hno@marasystems.com>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: Re: Suggestion for RETURN target
Date: Wed, 03 Dec 2003 11:26:37 -0600 [thread overview]
Message-ID: <3FCE1CCD.C7D69EF9@info-link.net> (raw)
In-Reply-To: Pine.LNX.4.44.0312030908390.5506-100000@filer.marasystems.com
I'm not sure that would do exactly what I require. If I understand you
correctly, when you fall off the end of a chain called with a "goto"
operation, it would return back 2 chains (or execute the default policy on a
built-in?). This is different than my suggestion, since as I envision it,
the only time you would go back more than one chain would be if a rule
specifically requested it. For example,
iptables -N chain4
iptables -A chain4 -s 192.168.0.1 -j RETURN --return-to 3
iptables -N chain3
iptables -A chain3 -j chain4
iptables -A chain3 -s 192.168.0.2 -j RETURN --return-to 2
.. other rules for chain3 here ...
iptables -N chain2
iptables -A chain2 -j chain3
... other rules for chain2 here ...
iptables -N chain1
iptables -A chain1 -j chain2
... other rules for chain1 here ...
iptables -A INPUT -j chain1
In this example, the source ip 192.168.0.1 will cause chain4 to return to
chain1 (the third chain in the call stack), but any other IP will cause it to
fall off the end and return to chain3 (the caller). After returning to
chain3, an ip of 192.168.0.2 will cause a return to chain1 (the second chain
in the call stack), and any other ip will return to chain2 (the caller).
Well, this assumes any other rules in the respective chains don't chainge
that behavior...
Anyway, this is a contrived example, but hopefully illustrates the idea
better?
Does anyone have any ideas on whether this would be possible to do and if so
would they have any pointers on where I should start looking? I don't mind
writing the code myself...
-Brad
Henrik Nordstrom wrote:
> On Tue, 2 Dec 2003, Brad Fisher wrote:
>
> > Would it be possible to modify the RETURN target in such a way that it
> > could return to an arbitrary chain in the call stack instead of only to
> > the previous chain?
>
> >From your description it more looks like you need a true jump/goto
> operation, not a "call" operation.. this would be like the current jump
> operation except that the current chain is not saved on the call stack.
>
> Regards
> Henrik
next prev parent reply other threads:[~2003-12-03 17:26 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-03 0:35 Suggestion for RETURN target Brad Fisher
2003-12-03 8:19 ` Henrik Nordstrom
2003-12-03 17:26 ` Brad Fisher [this message]
2003-12-03 20:11 ` Henrik Nordstrom
2003-12-03 20:30 ` Brad Fisher
2003-12-03 22:49 ` Henrik Nordstrom
2003-12-04 19:13 ` Brad Fisher
2003-12-04 21:02 ` Henrik Nordstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3FCE1CCD.C7D69EF9@info-link.net \
--to=brad@info-link.net \
--cc=hno@marasystems.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.