From: varun <varun@rocsys.com>
To: netdev@vger.kernel.org
Subject: iptables doubt
Date: Wed, 26 Apr 2006 12:39:22 +0530
Message-ID: <444F1CA2.4030904@rocsys.com>
Hi all,
I've been trying to understand the iptables kernel code and
basically how it functions. In doing so I have a few questions.
In the file ip_tables.c there is a call do_replace() which
is used as the starting entry point from sockopt.
That is, this gets called every time a user enters
policies from user space. Here the data is given to me in the form of
void __user *user.
This I am copying to kernel space and dereferencing into
ipt_replace and so on. Am I right?
The first question is: user space seems to send a size of 860
when trying to add the first policy. Does that mean that user space is
maintaining the offsets of the policies added?
tmp.size shows as 768, which is (4 default policies x
sizeof(struct ipt_standard)) + sizeof(struct ipt_error).
Am I correct in my understanding? If so, why should user
space maintain the kernel policy offset?
The next thing is that I added one extra field (int
num) in the struct ipt_entry_target. This is added after the unsigned
char data[0] field.
struct ipt_entry_target
{
        union {
                struct {
                        u_int16_t target_size;

                        /* Used by userspace */
                        char name[IPT_FUNCTION_MAXNAMELEN-1];
                        u_int8_t revision;
                } user;
                struct {
                        u_int16_t target_size;

                        /* Used inside the kernel */
                        struct ipt_target *target;
                } kernel;

                /* Total length */
                u_int16_t target_size;
        } u;

        unsigned char data[0];
        unsigned int uniqueId; /* I added this */
};
I am using this field to give a global id from my kernel to every
policy added, excluding the default ones added by the kernel. So if someone
calls iptables -F or iptables -t filter -D ..., then this number
should not be assigned to the structure.
I want to know where the correct place is to add this value to the
structure without affecting the functionality.
I am also aware that making this change in the structure will result in a
segmentation fault in user space. I'll handle it separately.
Can this be done? Please help me in this regard.
How can I know from the kernel structures whether the policy is for -A or -D
or -F?
Varun
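An added example, not from this post and not the kernel's code: a simplified model of the entry and target layout that do_replace() walks after copying the user buffer in, with the bounds checks a walker over user-supplied target_offset/next_offset values needs before it follows any of them. The struct names, field sets and the constructed three-entry sample table are assumptions chosen for illustration; the real struct ipt_entry, struct ipt_entry_target and struct ipt_replace in ip_tables.h carry more fields (the ipt_ip header, matches, hook entry and underflow offsets, counters).

```c
/*
 * Toy model of the entry/target layout that ip_tables.c walks after
 * do_replace() copies a ruleset in from user space.  Simplified assumption,
 * not the kernel's structs: the real struct ipt_entry carries an ipt_ip
 * header and matches before the target, and struct ipt_replace carries
 * hook entry/underflow offsets and counters.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

struct entry_hdr {
    uint16_t target_offset; /* from entry start to its target header */
    uint16_t next_offset;   /* from entry start to the next entry */
    uint32_t comefrom;      /* stand-in for the kernel's bookkeeping slot */
};

struct target_hdr {
    uint16_t target_size;   /* header plus target payload, in bytes */
    char name[NAME_LEN];    /* "" means the standard (verdict) target */
    uint8_t revision;
    /* target payload (e.g. the verdict) follows; that is what data[0] names */
};

/* Walk a blob of `size` bytes. Returns the entry count, or -1 if any
 * user-supplied offset would take the walk outside the blob or make a
 * target overlap the following entry. Every offset is checked before it
 * is used, which is what a kernel-side walker over user data must do. */
int walk_entries(const unsigned char *blob, size_t size)
{
    size_t off = 0;
    int count = 0;

    while (off < size) {
        struct entry_hdr e;
        struct target_hdr t;

        if (size - off < sizeof e)
            return -1;                       /* entry header truncated */
        memcpy(&e, blob + off, sizeof e);

        if (e.next_offset < sizeof e + sizeof t || e.next_offset > size - off)
            return -1;                       /* next entry not inside the blob */
        if (e.target_offset < sizeof e ||
            e.target_offset + sizeof t > e.next_offset)
            return -1;                       /* target header outside its entry */
        memcpy(&t, blob + off + e.target_offset, sizeof t);

        if (t.target_size < sizeof t ||
            e.target_offset + t.target_size > e.next_offset)
            return -1;                       /* target payload spills past entry */

        count++;
        off += e.next_offset;
    }
    return off == size ? count : -1;
}

/* Append one entry whose target carries `payload_len` zeroed payload bytes.
 * Returns the new end offset, or 0 if it would not fit in `cap` bytes. */
size_t put_entry(unsigned char *buf, size_t cap, size_t off,
                 const char *tname, size_t payload_len)
{
    struct entry_hdr e = {0};
    struct target_hdr t = {0};
    size_t total = sizeof e + sizeof t + payload_len;

    if (off + total > cap)
        return 0;
    e.target_offset = (uint16_t)sizeof e;
    t.target_size = (uint16_t)(sizeof t + payload_len);
    e.next_offset = (uint16_t)total;
    strncpy(t.name, tname, NAME_LEN - 1);
    memcpy(buf + off, &e, sizeof e);
    memcpy(buf + off + sizeof e, &t, sizeof t);
    memset(buf + off + sizeof e + sizeof t, 0, payload_len);
    return off + total;
}

enum tamper { TAMPER_NONE, TAMPER_NEXT_PAST_END, TAMPER_TARGET_BEFORE_HDR };

/* Build a constructed three-entry table (two standard targets and a closing
 * ERROR target, as iptables lays a chain out), optionally corrupt the last
 * entry's offsets the way a hostile user-space caller could, and walk it. */
int check_sample(enum tamper mode)
{
    unsigned char buf[256];
    size_t off = 0, last;
    struct entry_hdr e;

    off = put_entry(buf, sizeof buf, off, "", 4);
    off = put_entry(buf, sizeof buf, off, "", 4);
    last = off;
    off = put_entry(buf, sizeof buf, off, "ERROR", 8);

    memcpy(&e, buf + last, sizeof e);
    if (mode == TAMPER_NEXT_PAST_END)
        e.next_offset += 16;      /* points past the end of the blob */
    if (mode == TAMPER_TARGET_BEFORE_HDR)
        e.target_offset = 0;      /* target would alias the entry header */
    memcpy(buf + last, &e, sizeof e);

    return walk_entries(buf, off);
}

int main(void)
{
    printf("valid table: %d entries\n", check_sample(TAMPER_NONE));
    printf("next_offset past end: %d\n", check_sample(TAMPER_NEXT_PAST_END));
    printf("target_offset inside header: %d\n",
           check_sample(TAMPER_TARGET_BEFORE_HDR));
    return 0;
}
```

The walker never follows an offset before checking it against the remaining blob size and the enclosing entry, and it only accepts the table if the last entry ends exactly at the end of the blob; those checks have to hold regardless of what extra field is carried in the target header.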