On Thursday 2009-05-28 01:07, Adam Nielsen wrote:
>>> In other words, is there a function only called the first time the rule is
>>> added by iptables? Or should I be keeping track of that myself?
>>
>> You forget that iptables does not add rules. It replaces entire tables,
>> and to make that atomic, the new table is checked before the old one
>> is released. And yes, you usually try to look up an LED trigger first
>> before creating one, because there can be a table that calls -j LED
>> twice.
>
> Thanks for the explanation! So - to get it straight in my mind - the
> checkentry function will be called multiple times while the trigger exists,
> but is the destroy function also called multiple times? Or is checkentry
> called whenever tables are created, but destroy only ever called once when the
> table is removed for the last time?

old table          new table          new table 2
==================================================
(is in place)
                   checkentry
                   (put into place)
destroy
                                      checkentry
                                      (put into place)
                   destroy

> Just trying to work out whether I need to avoid removing the LED trigger in
> the destroy function as well.

Yes, as destroy can - and usually is - called after a new table has run
through checkentry. With the use of some sort of refcounting, it's easy:
checkentry ups it, and destroy downs it. If the refcount goes to zero,
remove the trigger.
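Added example (written here, not xt_LED's code and not part of the thread): a user-space C model of the refcount scheme from the reply, where checkentry takes a reference and destroy drops one. The trigger name, the fixed-size trigger table and the table-swap sequence are constructed to mirror the diagram above.

```c
/* Added example, not xt_LED's code: user-space model of the refcounted
 * LED-trigger lifetime described in the reply. Names are constructed. */
#include <stdio.h>
#include <string.h>

#define MAX_TRIGGERS 8
struct led_trigger { char name[32]; int refcnt; };
static struct led_trigger triggers[MAX_TRIGGERS];

/* Find a live trigger by name, or NULL if no table currently uses it. */
static struct led_trigger *trigger_find(const char *name)
{
    for (int i = 0; i < MAX_TRIGGERS; i++)
        if (triggers[i].refcnt > 0 && strcmp(triggers[i].name, name) == 0)
            return &triggers[i];
    return NULL;
}

/* checkentry: runs for every -j LED rule of a table being loaded, while the
 * old table is still in place. Reuse an existing trigger (the old table, or
 * a second -j LED rule in the same table, may already hold one). */
int led_checkentry(const char *name)
{
    struct led_trigger *t = trigger_find(name);
    if (t) {
        t->refcnt++;
        return 0;
    }
    for (int i = 0; i < MAX_TRIGGERS; i++) {
        if (triggers[i].refcnt == 0) {
            snprintf(triggers[i].name, sizeof triggers[i].name, "%s", name);
            triggers[i].refcnt = 1;   /* first user: register the trigger */
            return 0;
        }
    }
    return -1;                        /* no free slot */
}

/* destroy: runs once per rule when its table is released, i.e. after the
 * replacement table's checkentry. Only the last user removes the trigger. */
void led_destroy(const char *name)
{
    struct led_trigger *t = trigger_find(name);
    if (t && --t->refcnt == 0)
        t->name[0] = '\0';            /* refcount hit zero: unregister */
}

/* Query for callers and tests: is the trigger currently registered? */
int led_trigger_exists(const char *name) { return trigger_find(name) != NULL; }
```

Replaying the diagram (checkentry for the new table, then destroy for the old one) leaves the trigger registered; only the destroy of the last table holding a rule for it removes it.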