Re: Netfiltering - NF_IP_LOCAL_OUT - how it works???

From: Vishwas Raman
Date: Thu Aug 21 2003 - 11:49:21 EST

Next message: Lou Langholtz: "Re: [PATCH] bio.c: reduce verbosity at boot"
Previous message: Andrea Arcangeli: "Re: Dumb question: BKL on reboot ?"
In reply to: Harald Welte: "Re: Netfiltering - NF_IP_LOCAL_OUT - how it works???"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Harald Welte wrote:

Hi Vishwas, sorry for the late reply. Most netfilter developers have
been to the netfilter developer workshop, I guess.

you should ask this question on the netfilter-devel mailinglist, where
it is more on-topic than on lkml.

On Thu, Aug 14, 2003 at 03:06:26PM -0700, Vishwas Raman wrote:

While initializing the module, I register a NF_IP_LOCAL_OUT hook for the outgoing packet and change skb->dst->output to my_ip_output() instead of ip_output() in that hook function. After loading the module, I see control being transferred to my_ip_output() for all outgoing packets which in turn calls ip_output() and everything seems to work well.

The exit function of the module also unregisters the hook that I am using.

The problem is that after I unload the module, which in turn unregisters the hook, I have a kernel panic happening each time I use TCP.

The panic occurs at the following point, ip_build_and_send_pkt() in ip_output.c where it is trying to call

NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
output_maybe_reroute);

I thought once the unregistering of the hook is done, it no longer looks for that hook function. I have no idea why it is failing. May be I am doing something grossly wrong with netfiltering. Anyone who is familiar with netfiltering and has registered and unregistered hooks before might be able to guide me regarding this.

I think either you are doing something wrong while unregistering from
the netfilter hook - or you are running into a race condition. It might
happen, that you assign the skb->dst->output function of a packet to
your function, and then you remove the module before that packet is
actually sent.

Actually I did solve the problem. All I had to do was reset skb->dst->output() to ip_output() in my_ip_output() which is defined in my module. The problem was that even after my module was unloaded the destination cache was still pointing to my_ip_output() which was non-existent...

Thanks,

-Vishwas.

-Vishwas.

--
--
Vishwas Raman
Software Engineer, Eternal Systems, Inc,
5290 Overpass Rd, Bldg D, Santa Barbara. CA 93111
Email: vishwas@xxxxxxxxxxxxxxxxxxx
Tel: (805) 696-9051 x246
Fax: (805) 696-9083
URL: http://www.eternal-systems.com/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Lou Langholtz: "Re: [PATCH] bio.c: reduce verbosity at boot"
Previous message: Andrea Arcangeli: "Re: Dumb question: BKL on reboot ?"
In reply to: Harald Welte: "Re: Netfiltering - NF_IP_LOCAL_OUT - how it works???"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]