New Target related query.

[Padam J Singh <me@padamj.com>]

[-- Attachment #1: Type: text/plain, Size: 1594 bytes --]

Hi all,

I have written a new iptables target. I followed the regular method of 
registering a new target by the following:


ipt_register_target(...) with a struct like this:
static struct ipt_target ipt_xyz_reg = { { NULL, NULL }, "XYZ", 
ipt_xyz_target, ipt_xyz_checkentry, ipt_xyz_destroy,THIS_MODULE };

 From the userspace, when I create sample rule 1:

iptables -I INPUT -s 172.16.0.1 -j XYZ --param 5
the following functions get called:

ipt_xyz_checkentry. with target info struct populated with 5
the function saves the param in a list and returns 1.


When I create rule 2:
iptables -I INPUT -s 172.16.0.2 -j XYZ --param 6
the following get called:

ipt_xyz_checkentry. with target info struct populated with 6
//the function saves the param in a list and returns 1.

ipt_xyz_checkentry. with target info struct populated with 5
//the function does not save 5 in the list as it already exists and 
returns 1.

ipt_xyz_destroy. with target info struct populated with 5
//the function removes 5 from the list and returns 1.


I was expecting that ipt_xyz_checkentry will be called whenever I create 
a new rule. It seems to call checkentry even for existing rules for 
target XYZ.
I can handle that, however, it also calls destroy, with no user space 
request to delete the rule!

I fail to understand what the issue maybe. How can I stop iptables to 
stop calling the checkentry function for pre-exising rules, and if that 
can't be done, how do i stop it from calling the destroy function on 
it's own.

I am using iptables ver 1.2.11 on kernel 2.4.18-3.


Please help!
Padam Singh.