netfilter module and shared libraries

netfilter module and shared libraries

[Mark Ryden]

Hello,

I wrote a simple, short (35 lines) netfilter module (XTable target)
The code is below.
I build it and insmoded it.
When I try to add this iptables rule:

iptables -A OUTPUT -p UDP --dport 9998 -j ECHO

I get this error:

iptables v1.4.5: Couldn't load target `ECHO':/lib64/xtables/libipt_ECHO.so:
cannot open shared object file: No such file or directory


My question is: for a simple netfilter module like this ("ECHO"), must
I create a
corresponding shared library  (libipt_ECHO.so)?

Is there a way to avoid this when adding such a rule,
using some default mechansim ?
	
here is the code for the kernel module I wrote:	

// echoTarget.c

#include "linux/netfilter/x_tables.h"

static unsigned int echo_tg4(struct sk_buff *skb,
														 const struct xt_target_param *par)
{
	printk("in %s %s\n",__FUNCTION__,__FILE__);
	return NF_DROP;
}

static struct xt_target echo_tg_reg = {
	.name     = "ECHO",
	.revision = 0,
	.family   = NFPROTO_IPV4,
	.proto    = IPPROTO_UDP,
	.target   = echo_tg4,
	.me       = THIS_MODULE,
};

static int __init echo_tg_init(void)
{
	return xt_register_target(&echo_tg_reg);
	
}

static void __exit echo_tg_exit(void)
{
	xt_unregister_target(&echo_tg_reg);
}

module_init(echo_tg_init);
module_exit(echo_tg_exit);

MODULE_AUTHOR ("test");
MODULE_DESCRIPTION ("tartet");
MODULE_LICENSE("GPL");

Re: netfilter module and shared libraries

[Jan Engelhardt]

On Thursday 2010-04-01 13:46, Mark Ryden wrote:

>Hello,
>
>I wrote a simple, short (35 lines) netfilter module (XTable target)
>The code is below.
>I build it and insmoded it.
>When I try to add this iptables rule:
>
>iptables -A OUTPUT -p UDP --dport 9998 -j ECHO

(Note that there is already an "ECHO" target in Xtables-addons ;-))

>I get this error:
>
>iptables v1.4.5: Couldn't load target `ECHO':/lib64/xtables/libipt_ECHO.so:
>cannot open shared object file: No such file or directory
>
>
>My question is: for a simple netfilter module like this ("ECHO"), must
>I create a
>corresponding shared library  (libipt_ECHO.so)?

Yes.

>Is there a way to avoid this when adding such a rule,
>using some default mechansim ?

Let's ask Patrick:

What do you think of enabling iptables to assume targets with .size=0 
(which don't have options by design) if there was no libxt_XYZ.so found? 
That would make things like libxt_NOTRACK.c obsolete, too.

Re: netfilter module and shared libraries

[Patrick McHardy]

Jan Engelhardt wrote:
> On Thursday 2010-04-01 13:46, Mark Ryden wrote:
> 
>> Is there a way to avoid this when adding such a rule,
>> using some default mechansim ?
> 
> Let's ask Patrick:
> 
> What do you think of enabling iptables to assume targets with .size=0 
> (which don't have options by design) if there was no libxt_XYZ.so found? 
> That would make things like libxt_NOTRACK.c obsolete, too.

No general objections, but how many modules are there really
that don't take options? Feel free to try, if your patch doesn't
affect error reporting and stays below 15 lines, I'll apply
it :)