Avoiding multiple calls to xt_target.checkentry

Hi all,

I've just discovered a small bug in the xt_LED target I submitted a couple of
months back, but I'm not sure of the best way of fixing it.

When iptables adds a rule with the LED target, it calls the "checkentry"
function (led_tg_check) to confirm that the rule conditions are valid.  This
target doesn't care what the rule is, so the code returns success after
creating a new LED trigger elsewhere in the kernel.

The problem is that if you create a new chain, add a rule to it with the LED
target, then add *other* rules that point to the new chain, the "checkentry"
function gets called multiple times (to make sure the new rules are valid)
which means the led_tg_check function tries to create the same trigger
multiple times (which fails.)

For example:

$ iptables -N scroll_lock

$ iptables -A scroll_lock -j LED --led-trigger-id http
// led_tg_check() called and registers the "netfilter-http" LED trigger

$ iptables -I INPUT 1 -p tcp --sport 80 -j scroll_lock
iptables: Invalid argument. Run `dmesg' for more information.
// led_tg_check() was called again and failed

$ dmesg
xt_LED: led_trigger_register() failed
xt_LED: Trigger name is already in use.

In other words, is there a function only called the first time the rule is
added by iptables?  Or should I be keeping track of that myself?

Thanks,
Adam.
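
The failure described in this message, and the "keep track of it myself" option it asks about, as a user-space C model. This is an added example, not code from xt_LED or from the thread. `model_register`, `tracked_check` and `tracked_destroy` are hypothetical names, and the fixed-size table is an assumption standing in for the kernel's trigger registry.

```c
#include <stdio.h>
#include <string.h>
#define MAX_TRIGGERS 8

/* Constructed user-space model, single-threaded; refcnt == 0 marks a free slot. */
struct trig { char name[32]; int refcnt; };
static struct trig table[MAX_TRIGGERS];
static struct trig *lookup(const char *name)
{
    for (int i = 0; i < MAX_TRIGGERS; i++)
        if (table[i].refcnt > 0 && strcmp(table[i].name, name) == 0)
            return &table[i];
    return NULL;
}

/* Stand-in for led_trigger_register(): a duplicate name is an error. */
static int model_register(const char *name)
{
    if (lookup(name)) return -1;        /* name already in use */
    for (int i = 0; i < MAX_TRIGGERS; i++)
        if (table[i].refcnt == 0) {
            snprintf(table[i].name, sizeof table[i].name, "%s", name);
            table[i].refcnt = 1;
            return 0;
        }
    return -1;                          /* table full */
}

/* Hypothetical tracked check: a repeat call only takes a reference. */
static int tracked_check(const char *name)
{
    struct trig *t = lookup(name);
    if (t) { t->refcnt++; return 0; }
    return model_register(name);
}

/* Hypothetical destroy hook: returns references left, or -1 if unknown. */
static int tracked_destroy(const char *name)
{
    struct trig *t = lookup(name);
    return t ? --t->refcnt : -1;
}

int main(void)
{
    int first = model_register("netfilter-http"); /* first check registers */
    int again = model_register("netfilter-http"); /* repeat check fails */
    int kept = tracked_check("netfilter-http");   /* repeat check succeeds */
    printf("%d %d %d %d\n", first, again, kept, tracked_destroy("netfilter-http"));
}
```

Kernel code using this pattern would also need a lock around the lookup and the reference count, which the single-threaded model leaves out.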