From: Richard Weinberger <richard@nod.at>
To: netfilter-devel@vger.kernel.org
Subject: xt_target checkentry()/destroy() semantics
Date: Wed, 11 Jan 2012 02:32:48 +0100 [thread overview]
Message-ID: <4F0CE6C0.6080900@nod.at> (raw)
[-- Attachment #1: Type: text/plain, Size: 2679 bytes --]
Hi!
I always thought that checkentry()/destroy() are being called upon rule insertion/deletion.
So I assumed that this command sequence prints three times "test_tg_check" and then three times
"test_tg_destroy". But it's not the case.
$ iptables -A INPUT -j TEST
$ iptables -A INPUT -j TEST
$ iptables -A INPUT -j TEST
$ iptables -D INPUT -j TEST
$ iptables -D INPUT -j TEST
$ iptables -D INPUT -j TEST
This is the real output:
(On 3.2.0-rc6)
[90330.168306] test_tg_destroy
[90330.171099] test_tg_destroy
[90330.173901] test_tg_destroy
[90343.768654] test_tg_check
[90345.773073] test_tg_check
[90345.775691] test_tg_check
[90345.778330] test_tg_destroy
[90347.782798] test_tg_check
[90347.785417] test_tg_check
[90347.788044] test_tg_check
[90347.790663] test_tg_destroy
[90347.793454] test_tg_destroy
[90372.581020] test_tg_check
[90372.583639] test_tg_check
[90372.586275] test_tg_destroy
[90372.589059] test_tg_destroy
[90372.591843] test_tg_destroy
[90374.596452] test_tg_check
[90374.599080] test_tg_destroy
[90374.601875] test_tg_destroy
[90376.606409] test_tg_destroy
How comes that?
Is there a way to detect the insertion/removal of a rule using my TEST target?
The comments in x_tables.h are not really helpful.
/* Called when user tries to insert an entry of this type:
hook_mask is a bitmask of hooks from which it can be
called. */
/* Should return 0 on success or an error code otherwise (-Exxxx). */
int (*checkentry)(const struct xt_tgchk_param *);
/* Called when entry of this type deleted. */
void (*destroy)(const struct xt_tgdtor_param *);
Thanks,
//richard
P.s: The TEST target is attached.
---
static unsigned int
test_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
return XT_CONTINUE;
}
static int test_tg_check(const struct xt_tgchk_param *par)
{
printk(KERN_ERR "test_tg_check\n");
return 0;
}
static void test_tg_destroy(const struct xt_tgdtor_param *par)
{
printk(KERN_ERR "test_tg_destroy\n");
}
static struct xt_target test_tg_reg __read_mostly = {
.name = "TEST",
.family = NFPROTO_IPV4,
.target = test_tg,
.targetsize = 0,
.checkentry = test_tg_check,
.destroy = test_tg_destroy,
.me = THIS_MODULE,
};
static void __exit test_exit(void)
{
xt_unregister_target(&test_tg_reg);
}
module_exit(test_exit);
static int __init test_init(void)
{
return xt_register_target(&test_tg_reg);
}
module_init(test_init);
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 490 bytes --]
next reply other threads:[~2012-01-11 1:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-11 1:32 Richard Weinberger [this message]
2012-01-11 6:45 ` xt_target checkentry()/destroy() semantics Jan Engelhardt
2012-01-11 9:52 ` Richard Weinberger
2012-01-11 10:27 ` Maciej Żenczykowski
2012-01-11 10:38 ` Richard Weinberger
2012-01-11 10:49 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F0CE6C0.6080900@nod.at \
--to=richard@nod.at \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).