Re: Netfiltering - NF_IP_LOCAL_OUT - how it works???

From: Harald Welte
Date: Thu Aug 21 2003 - 10:24:01 EST

Next message: Vojtech Pavlik: "Re: Input issues - key down with no key up"
Previous message: Jeff Garzik: "Re: [PATCH] bio.c: reduce verbosity at boot"
Next in thread: Vishwas Raman: "Re: Netfiltering - NF_IP_LOCAL_OUT - how it works???"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Vishwas, sorry for the late reply. Most netfilter developers have
been to the netfilter developer workshop, I guess.

you should ask this question on the netfilter-devel mailinglist, where
it is more on-topic than on lkml.

On Thu, Aug 14, 2003 at 03:06:26PM -0700, Vishwas Raman wrote:

> While initializing the module, I register a NF_IP_LOCAL_OUT hook for the
> outgoing packet and change skb->dst->output to my_ip_output() instead of
> ip_output() in that hook function. After loading the module, I see
> control being transferred to my_ip_output() for all outgoing packets
> which in turn calls ip_output() and everything seems to work well.
>
> The exit function of the module also unregisters the hook that I am using.
>
> The problem is that after I unload the module, which in turn unregisters
> the hook, I have a kernel panic happening each time I use TCP.
>
> The panic occurs at the following point, ip_build_and_send_pkt() in
> ip_output.c where it is trying to call
>
> NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
> output_maybe_reroute);
>
> I thought once the unregistering of the hook is done, it no longer looks
> for that hook function. I have no idea why it is failing. May be I am
> doing something grossly wrong with netfiltering. Anyone who is familiar
> with netfiltering and has registered and unregistered hooks before might
> be able to guide me regarding this.

I think either you are doing something wrong while unregistering from
the netfilter hook - or you are running into a race condition. It might
happen, that you assign the skb->dst->output function of a packet to
your function, and then you remove the module before that packet is
actually sent.

> -Vishwas.

--
- Harald Welte <laforge@xxxxxxxxxxxx> http://www.gnumonks.org/
============================================================================
Programming is like sex: One mistake and you have to support it your lifetime

Attachment: pgp00001.pgp
Description: PGP signature

Next message: Vojtech Pavlik: "Re: Input issues - key down with no key up"
Previous message: Jeff Garzik: "Re: [PATCH] bio.c: reduce verbosity at boot"
Next in thread: Vishwas Raman: "Re: Netfiltering - NF_IP_LOCAL_OUT - how it works???"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]