Netfiltering - NF_IP_LOCAL_OUT - how it works???

[Vishwas Raman]

Hi,

I am working with the 2.4.20 kernel.

The module I am writing is supposed to intercept all outgoing packets 
passing between the TCP and IP layer. I was trying to use the 
netfiltering mechanism for that purpose.

While initializing the module, I register a NF_IP_LOCAL_OUT hook for the 
outgoing packet and change skb->dst->output to my_ip_output() instead of 
ip_output() in that hook function. After loading the module, I see 
control being transferred to my_ip_output() for all outgoing packets 
which in turn calls ip_output() and everything seems to work well.

The exit function of the module also unregisters the hook that I am using.

The problem is that after I unload the module, which in turn unregisters 
the hook, I have a kernel panic happening each time I use TCP.

The panic occurs at the following point, ip_build_and_send_pkt() in 
ip_output.c where it is trying to call

    NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
                    output_maybe_reroute);

I thought once the unregistering of the hook is done, it no longer looks 
for that hook function. I have no idea why it is failing. May be I am 
doing something grossly wrong with netfiltering. Anyone who is familiar 
with netfiltering and has registered and unregistered hooks before might 
be able to guide me regarding this.

Any help will be appreciated.

Thanks,

-Vishwas.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/