netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* xt_target checkentry()/destroy() semantics
@ 2012-01-11  1:32 Richard Weinberger
  2012-01-11  6:45 ` Jan Engelhardt
  0 siblings, 1 reply; 6+ messages in thread
From: Richard Weinberger @ 2012-01-11  1:32 UTC (permalink / raw)
  To: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 2679 bytes --]

Hi!

I always thought that checkentry()/destroy() are being called upon rule insertion/deletion.
So I assumed that this command sequence prints three times "test_tg_check" and then three times
"test_tg_destroy". But it's not the case.

$ iptables -A INPUT -j TEST
$ iptables -A INPUT -j TEST
$ iptables -A INPUT -j TEST
$ iptables -D INPUT -j TEST
$ iptables -D INPUT -j TEST
$ iptables -D INPUT -j TEST

This is the real output:
(On 3.2.0-rc6)

[90330.168306] test_tg_destroy
[90330.171099] test_tg_destroy
[90330.173901] test_tg_destroy
[90343.768654] test_tg_check
[90345.773073] test_tg_check
[90345.775691] test_tg_check
[90345.778330] test_tg_destroy
[90347.782798] test_tg_check
[90347.785417] test_tg_check
[90347.788044] test_tg_check
[90347.790663] test_tg_destroy
[90347.793454] test_tg_destroy
[90372.581020] test_tg_check
[90372.583639] test_tg_check
[90372.586275] test_tg_destroy
[90372.589059] test_tg_destroy
[90372.591843] test_tg_destroy
[90374.596452] test_tg_check
[90374.599080] test_tg_destroy
[90374.601875] test_tg_destroy
[90376.606409] test_tg_destroy

How comes that?
Is there a way to detect the insertion/removal of a rule using my TEST target?

The comments in x_tables.h are not really helpful.
        /* Called when user tries to insert an entry of this type:
           hook_mask is a bitmask of hooks from which it can be
           called. */
        /* Should return 0 on success or an error code otherwise (-Exxxx). */
        int (*checkentry)(const struct xt_tgchk_param *);

        /* Called when entry of this type deleted. */
        void (*destroy)(const struct xt_tgdtor_param *);

Thanks,
//richard

P.s: The TEST target is attached.

---
static unsigned int
test_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
        return XT_CONTINUE;
}

static int test_tg_check(const struct xt_tgchk_param *par)
{
        printk(KERN_ERR "test_tg_check\n");
        return 0;
}

static void test_tg_destroy(const struct xt_tgdtor_param *par)
{
        printk(KERN_ERR "test_tg_destroy\n");
}

static struct xt_target test_tg_reg __read_mostly = {
        .name           = "TEST",
        .family         = NFPROTO_IPV4,
        .target         = test_tg,
        .targetsize     = 0,
        .checkentry     = test_tg_check,
        .destroy        = test_tg_destroy,
        .me             = THIS_MODULE,
};

static void __exit test_exit(void)
{
        xt_unregister_target(&test_tg_reg);
}
module_exit(test_exit);

static int __init test_init(void)
{
        return xt_register_target(&test_tg_reg);
}
module_init(test_init);


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2012-01-11 10:49 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-01-11  1:32 xt_target checkentry()/destroy() semantics Richard Weinberger
2012-01-11  6:45 ` Jan Engelhardt
2012-01-11  9:52   ` Richard Weinberger
2012-01-11 10:27     ` Maciej Żenczykowski
2012-01-11 10:38       ` Richard Weinberger
2012-01-11 10:49         ` Jan Engelhardt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).