Hi,
Is there any technical difficulties associated with the following scenario:
1) its invoked with $iptables -t mangle -A PREROUTING -j MY_TARGET
2) My target module is initialized as :
static struct xt_target obsf_tg_reg __read_mostly = {
.name = "OBSF",
.family = NFPROTO_UNSPEC,
.target = obsf_tg,
.checkentry = obsf_tg_check,
.targetsize = sizeof(struct xt_OBSF_tginfo),
.me = THIS_MODULE,
};
static int __init obsf_tg_init(void)
{
return xt_register_target(&obsf_tg_reg);
}
2) Now inside the module, it also registers a nf_hook:
static struct nf_hook_ops inward_obsf_ops __read_mostly = {
.pf = NFPROTO_IPV4,
.priority = 1,
.hooknum = NF_INET_PRE_ROUTING,
.hook = ibss_obsf_inward_begin,
};
/*
* Module init and exit functions
* No need ot worry about them
*/
static int __init ibss_obsf_inward_init(void)
{
printk(KERN_ALERT "\nPacket_Inward module started ...");
return nf_register_hook(&inward_obsf_ops);
}
My question is
a) Between ibss_obsf_inward_begin() and obsf_tg() who will be called first?
b) Does this design lead to any inconsistencies?
c) Should i register ibss_ofsf_inward_begin() with different hook ,
say NF_INET_LOCAL_INPUT?
Only example i could find inside 3.7.rc3 kernel tree is :
net/ipv4/ipt_CLUSTERIP.c:540
540 static struct nf_hook_ops cip_arp_ops __read_mostly = {
541 .hook = arp_mangle,
542 .pf = NFPROTO_ARP,
543 .hooknum = NF_ARP_OUT,
544 .priority = -1
545 };
I'm not sure i can do the same for ordinary netfilter module.
--
-aft
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
