* Checking add/remove rules
From: Silimite @ 2005-08-22 14:01 UTC
To: netfilter-devel
Is there any reliable way to tell when a rule is added or removed from
within an iptables module?
I know you can see when they are added and removed in the check() and
destroy() functions but it seems those are called multiple times and
there does not appear to be a way to determine exactly when a rule is
being added or removed.
Thanks for any information!
* Re: Checking add/remove rules
From: Silimite @ 2005-08-25 3:12 UTC
To: netfilter-devel
Should I take this silence as meaning this is not possible? Or maybe
no one knows?
Even a "that's not possible" answer would be nice.
Thanks
S
On 8/22/05, Silimite <silimite@gmail.com> wrote:
> Is there any reliable way to tell when a rule is added or removed from
> within an iptables module?
>
> I know you can see when they are added and removed in the check() and
> destroy() functions but it seems those are called multiple times and
> there does not appear to be a way to determine exactly when a rule is
> being added or removed.
>
> Thanks for any information!
>
* Re: Checking add/remove rules
From: Martin Josefsson @ 2005-08-25 6:00 UTC
To: Silimite; +Cc: netfilter-devel
On Wed, 24 Aug 2005, Silimite wrote:
> Should I take this silence as meaning this is not possible? Or maybe
> no one knows?
>
> Even a "that's not possible" answer would be nice.
It is possible, it's ugly but possible.
Look at the geoip match in patch-o-matic-ng, more exactly the refcounting
in the checkentry()/destroy() functions in ipt_geoip.c. And look at the
position of the refcount member of the ipt_geoip_info struct in the
include file. And look at the size and userspacesize members of struct
iptables_match in libipt_geoip.c.
I hope that helps.
/Martin
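A simplified userspace model of the refcounting approach described in the reply above, added here as an illustration; it is not code from ipt_geoip.c or patch-o-matic-ng. The struct demo_info, the demo_* functions and the two counters are hypothetical, and demo_replace() assumes that a table update checks every rule of the new table and then destroys the old one, with the kernel-only pointer carried over from the old copy of each surviving rule.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical match data, laid out as the reply describes: fields set by
 * userspace first, the kernel-only refcount pointer last. */
struct demo_info {
    unsigned short cc;        /* rule option supplied by userspace */
    unsigned int *refcount;   /* kernel-only; NULL on a genuinely new rule */
};

/* What a userspace extension would report as userspacesize, so that rule
 * comparison stops before the kernel-only member (assumed layout). */
#define DEMO_USERSPACESIZE offsetof(struct demo_info, refcount)

static int rules_added, rules_removed;   /* real add/remove events observed */

/* Model of checkentry(): runs for every rule each time a table is loaded. */
static int demo_checkentry(struct demo_info *info)
{
    if (info->refcount == NULL) {        /* never seen before: a real add */
        info->refcount = malloc(sizeof(*info->refcount));
        if (info->refcount == NULL)
            return 0;
        *info->refcount = 1;
        rules_added++;
    } else {
        ++*info->refcount;               /* existing rule carried into new table */
    }
    return 1;
}

/* Model of destroy(): runs for every rule of the table being dropped. */
static void demo_destroy(struct demo_info *info)
{
    if (--*info->refcount == 0) {        /* no table holds it: a real remove */
        free(info->refcount);
        info->refcount = NULL;
        rules_removed++;
    }
}

/* Model of one table update: the new table (copies of surviving rules plus
 * any new rule) is checked first, then the old table is destroyed. */
static void demo_replace(struct demo_info *cur, size_t n_cur,
                         struct demo_info *next, size_t n_next)
{
    for (size_t i = 0; i < n_next; i++) demo_checkentry(&next[i]);
    for (size_t i = 0; i < n_cur; i++) demo_destroy(&cur[i]);
}
```

The counter only works because the pointer comes back from userspace unchanged, which is why the member sits past the end of what userspacesize covers.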
* Re: Checking add/remove rules
From: Silimite @ 2005-08-25 12:32 UTC
To: Martin Josefsson; +Cc: netfilter-devel
Thanks! That's what I needed to know. I was mostly just wondering if
there was a way besides something like ref-counting. Since there does
not seem to be another way I now know what to do.
Thanks again.
S
On 8/25/05, Martin Josefsson <gandalf@wlug.westbo.se> wrote:
> Look at the geoip match in patch-o-matic-ng, more exactly the refcounting
> in the checkentry()/destroy() functions in ipt_geoip.c. And look at the
> position of the refcount member of the ipt_geoip_info struct in the
> include file. And look at the size and userspacesize members of struct
> iptables_match in libipt_geoip.c.
>
> I hope that helps.
>
> /Martin