* Jan Engelhardt wrote, On 21/10/07 23:14: > Hi Sam, > > > just for the fun of it, I tried: > > iptables -t mangle -A PREROUTING -m gateway --nexthop 10.10.96.1 > > and it locked up hard (not even sysrq-b was possible). > I am not sure why that happened - it does work properly in -t filter -A > OUTPUT, though. I'll experiment a bit. > The codebase I am on is at > http://dev.computergmbh.de/wsvn/misc_kernel/xt_gateway/ Yeah, my match function was very verbose: { const struct ipt_gateway_info *info = matchinfo; const struct iphdr *iph = skb->nh.iph; return ( !!(info->flags & IPT_GATEWAY_INV) ^ ( skb && skb->dst && skb->dst->neighbour && ... It assumes that IF skb->dst is set, that it is a neighbour table entry. Your code is: dst = skb->dst; if ((neigh = dst->neighbour) == NULL) return false; It doesn't consider that skb->dst may be NULL, which it will in PRE_ROUTING. Sam - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
