reference counting matches / ipt_pool
bof@oknodo.bof.de
Tue, 18 Apr 2000 23:05:18 +0200 (MEST)
For a new kernel side ipt match module (see below...), I would like
to do reference counting. In simple terms, imagine the check() function,
upon checking the match specific arguments, determines it will have
a valid match, and needs some resource R available for as long as this
match will be used in the filter table. I can increment a reference count
on R in the check() function. The question is: where is the "uncheck"
hook where I can decrement the reference once the match is deleted
from the table?

The module I'm talking about will be called ipt_pool. Given a named
pool of IP addresses, you'll be able to check the source or destination
IP address against membership in the pool. The first cut implementation
(patch comes Thursday) will have a bitmap based pool, with one bit per
IP address of some range specifying membership in the pool. The pools
and their membership will be managed independently of ip_tables itself,
and it is possible to use one pool in several places in the tables.

Now, for 'destroy this pool' functionality, I would like to give EBUSY
as long as the pool is used somewhere in the tables. Thus the wish to
reference count.

(For people interested in this pool concept: the next version will provide
alternate pool implementations based on an array of arbitrary addresses,
checked sequentially or by binary search, and alternatively using a hash
table of addresses; both of these approaches will additionally store an
fwmark along with the individual address)

regards
Patrick
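
The scheme described in the message above, as an added userspace C illustration that is not part of the original post and is not ipt_pool's code: a bitmap pool with one bit per address in a range, a reference held per rule, and a destroy that returns EBUSY while references remain. The struct and every function name are assumptions made for the example, and no locking is modeled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical userspace model; all names here are illustrative. */
struct ip_pool {
    uint32_t first, last;  /* inclusive IPv4 range, host byte order */
    unsigned int refs;     /* rules currently referencing this pool */
    unsigned char *bits;   /* one membership bit per address */
};

struct ip_pool *pool_create(uint32_t first, uint32_t last)
{
    struct ip_pool *p = last < first ? NULL : calloc(1, sizeof(*p));
    if (!p) return NULL;
    p->first = first; p->last = last;
    p->bits = calloc((size_t)(((uint64_t)last - first) / 8 + 1), 1);
    if (!p->bits) { free(p); return NULL; }
    return p;
}

/* Addresses outside the range are rejected here and never match below. */
int pool_add(struct ip_pool *p, uint32_t addr)
{
    if (addr < p->first || addr > p->last) return -ERANGE;
    uint32_t i = addr - p->first;
    p->bits[i / 8] |= (unsigned char)(1u << (i % 8));
    return 0;
}

int pool_test(const struct ip_pool *p, uint32_t addr)
{
    if (addr < p->first || addr > p->last) return 0;
    uint32_t i = addr - p->first;
    return (p->bits[i / 8] >> (i % 8)) & 1;
}

/* get: a rule naming the pool passed its check; put: that rule was deleted. */
void pool_get(struct ip_pool *p) { p->refs++; }
void pool_put(struct ip_pool *p) { if (p->refs) p->refs--; }

/* Refuses with -EBUSY while any rule still references the pool. */
int pool_destroy(struct ip_pool *p)
{
    if (p->refs) return -EBUSY;
    free(p->bits);
    free(p);
    return 0;
}
```

If the put side is never called when a rule is removed, the count stays above zero and the pool can never be destroyed; if it is called twice, the pool can be freed while a rule still points at it.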