[PATCH] dynamic mangle table registration - and some questions
Brad Chapman
kakadu@earthlink.net
Sun, 15 Jul 2001 10:26:45 -0400
Everyone,

Here is a patch against the virgin mangle table which allows you, at runtime,
to choose whether the module registers the original 2-hook table, or the
expanded 5-hook table, created earlier by the mangle5hooks patch. The module
parameter is a simple boolean. Type regtype=1 and it registers 5 hooks, type
regtype=0 and it registers 2 hooks.

I also made some noise about implementing another module parameter which
allows for dynamic priority registration for each hook in the mangle table.
Is anyone still interested?

I also have a few questions about the creation of tables, for both IPv4 and
IPv6:

1. What do these code blocks initialize?

    { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
        0,
        sizeof(struct ipt_entry),
        sizeof(struct ipt_standard),
        0, { 0, 0 }, { } },
      { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
        -NF_ACCEPT - 1 } }

    { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
        0,
        sizeof(struct ipt_entry),
        sizeof(struct ipt_error),
        0, { 0, 0 }, { } },
      { { { { IPT_ALIGN(sizeof(struct ipt_error_target)), IPT_ERROR_TARGET } },
          { } },
        "ERROR"
      }
    }

    { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
        0,
        sizeof(struct ip6t_entry),
        sizeof(struct ip6t_standard),
        0, { 0, 0 }, { } },
      { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
        -NF_ACCEPT - 1 } }

    { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
        0,
        sizeof(struct ip6t_entry),
        sizeof(struct ip6t_error),
        0, { 0, 0 }, { } },
      { { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } },
          { } },
        "ERROR"
      }
    }

2. What do the above code blocks do in relation to the creation of the table,
   and why can't they be put in linux/netfilter_ipv4/ip_tables.h and
   linux/netfilter_ipv6/ip6_tables.h, respectively, and referenced using a
   macro?

3. Why can't this code also be moved to linux/netfilter_ipv4/ip_tables.h?

    /* Standard entry. */
    struct ipt_standard
    {
        struct ipt_entry entry;
        struct ipt_standard_target target;
    };

    struct ipt_error_target
    {
        struct ipt_entry_target target;
        char errorname[IPT_FUNCTION_MAXNAMELEN];
    };

    struct ipt_error
    {
        struct ipt_entry entry;
        struct ipt_error_target target;
    };

    static struct
    {
        struct ipt_replace repl;
        struct ipt_standard entries[2];
        struct ipt_error term;
    }
    initial_table;

And this code to linux/netfilter_ipv6/ip6_tables.h?

    /* Standard entry. */
    struct ip6t_standard
    {
        struct ip6t_entry entry;
        struct ip6t_standard_target target;
    };

    struct ip6t_error_target
    {
        struct ip6t_entry_target target;
        char errorname[IP6T_FUNCTION_MAXNAMELEN];
    };

    struct ip6t_error
    {
        struct ip6t_entry entry;
        struct ip6t_error_target target;
    };

    static struct
    {
        struct ip6t_replace repl;
        struct ip6t_standard entries[2];
        struct ip6t_error term;
    }
    initial_table;

AFAIK, this code never changes, for any table created under IPv4 or IPv6.
Is there a reason why it can't be moved (other than to change the size of
the ipt_/ip6t_standard array for a larger number of hooks)?

Thanks,
Brad