前面说了netfilter中的钩子的注册,以及钩子是如何执行,下面则是netfilter 如何注册规则表的。
表的注册由struct xt_table *ipt_register_table(struct net *net, struct xt_table *table, const struct ipt_replace *repl)函数完成。
先看看在什么地方调用了这个函数:
Searched full:ipt_register_table (Results 1 - 7 of 7) sorted by null
/net/ipv4/netfilter/ -
iptable_raw.c 95 ipt_register_table(net, &packet_raw, &initial_table.repl);
iptable_filter.c 133 ipt_register_table(net, &packet_filter, &initial_table.repl);
iptable_security.c 131 ipt_register_table(net, &security_table, &initial_table.repl);
iptable_mangle.c 203 ipt_register_table(net, &packet_mangler, &initial_table.repl);
nf_nat_rule.c 189 net->ipv4.nat_table = ipt_register_table(net, &nat_table,
ip_tables.c 2052 struct xt_table *ipt_register_table(struct net *net, struct xt_table *table, function
2267 EXPORT_SYMBOL(ipt_register_table); variable
同样,我们跟踪到iptable_raw.c文件中:
/*
 * Per-namespace init callback (net/ipv4/netfilter/iptable_raw.c).
 *
 * Registers the raw table for @net using the built-in initial ruleset
 * (initial_table.repl) and stores the returned handle in
 * net->ipv4.iptable_raw.
 *
 * Returns 0 on success, otherwise the error code carried by the ERR_PTR
 * that ipt_register_table() handed back.
 */
static int __net_init iptable_raw_net_init(struct net *net)
{
	struct xt_table *raw;

	/* This is the actual table registration. */
	raw = ipt_register_table(net, &packet_raw, &initial_table.repl);

	/*
	 * The result is stored unconditionally, so after a failure the field
	 * holds an ERR_PTR value, not a usable table pointer.
	 */
	net->ipv4.iptable_raw = raw;

	/* Failure is signalled through IS_ERR(), not through NULL. */
	return IS_ERR(raw) ? PTR_ERR(raw) : 0;
}
/*
 * Per-namespace exit callback: unregisters the raw table whose handle
 * was stored in net->ipv4.iptable_raw by the matching init callback.
 */
static void __net_exit iptable_raw_net_exit(struct net *net)
{
	struct xt_table *raw = net->ipv4.iptable_raw;

	ipt_unregister_table(raw);
}
/*
 * Init/exit callback pair for the raw table. This is the object passed
 * to register_pernet_subsys() / unregister_pernet_subsys().
 */
static struct pernet_operations iptable_raw_net_ops = {
	.exit = iptable_raw_net_exit,	/* unregisters the table */
	.init = iptable_raw_net_init,	/* registers the table */
};
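/*
 * Module init for the raw table.
 *
 * Step 1 registers the per-namespace operations, whose init callback
 * performs the table registration. Step 2 registers the netfilter hooks
 * listed in ipt_ops.
 *
 * Returns a negative value from whichever step failed; otherwise the
 * (non-negative) result of nf_register_hooks().
 */
static int __init iptable_raw_init(void)
{
	int ret;

	ret = register_pernet_subsys(&iptable_raw_net_ops);
	if (ret < 0)
		return ret;

	/* Register hooks */
	ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
	if (ret < 0)
		goto cleanup_table;

	return ret;

cleanup_table:
	/*
	 * Hook registration failed: undo step 1 so the table does not stay
	 * registered without its hooks.
	 */
	unregister_pernet_subsys(&iptable_raw_net_ops);
	return ret;
}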
可以看出,表的注册又是通过ret = register_pernet_subsys(&iptable_raw_net_ops);函数完成的,实现如下:
/*
 * Register a set of per-namespace operations.
 *
 * The call to register_pernet_operations() is made with net_mutex held,
 * and the mutex is released before returning.
 *
 * Returns whatever register_pernet_operations() returned.
 */
int register_pernet_subsys(struct pernet_operations *ops)
{
	int rc;

	mutex_lock(&net_mutex);
	rc = register_pernet_operations(first_device, ops);
	mutex_unlock(&net_mutex);

	return rc;
}
/*
 * Run the init callback of @ops, if it has one, on init_net.
 *
 * @list is not used by this implementation.
 *
 * NOTE(review): only init_net is initialised here, which looks like the
 * variant built without network-namespace support; confirm against the
 * kernel configuration before assuming this holds for every namespace.
 *
 * Returns 0 when no init callback is set, otherwise the callback's
 * return value.
 */
static int register_pernet_operations(struct list_head *list,
				      struct pernet_operations *ops)
{
	if (ops->init != NULL)
		return ops->init(&init_net);

	return 0;
}
可以看出,它只是简单地对init_net调用了ops->init,也就是iptable_raw_net_init函数。现在知道了表的注册是在哪里被触发的,下面来看看ipt_register_table是如何完成注册的。
struct xt_table *ipt_register_table(struct net *net, struct xt_table *table, const struct ipt_replace *repl)
这个函数除了net之外,还有两个重要的参数:struct xt_table 和 struct ipt_replace;
/* Descriptor of one table, as passed to ipt_register_table(). */
struct xt_table
{
	/* List linkage. */
	struct list_head list;

	/*
	 * Hooks this table will be entered on.
	 * NOTE(review): presumably a bitmask with one bit per hook - confirm.
	 */
	unsigned int valid_hooks;

	/* The table data itself ("man behind the curtain"). */
	struct xt_table_info *private;

	/* THIS_MODULE when the table lives in a module, otherwise NULL. */
	struct module *me;

	/* Address/protocol family. */
	u_int8_t af;

	/* Unique table name, stored inline in XT_TABLE_MAXNAMELEN bytes. */
	const char name[XT_TABLE_MAXNAMELEN];
};
/* The table contents, reached through xt_table.private. */
struct xt_table_info
{
	/* Size per table. */
	unsigned int size;

	/* Number of entries: FIXME. --RR */
	unsigned int number;

	/* Entry count at registration time; needed for module usage count. */
	unsigned int initial_entries;

	/*
	 * Entry point and underflow for each hook, indexed by hook number.
	 * NOTE(review): presumably offsets into the entry data - confirm.
	 */
	unsigned int hook_entry[NF_INET_NUMHOOKS];
	unsigned int underflow[NF_INET_NUMHOOKS];

	/*
	 * ipt_entry tables, one per CPU.
	 * This field MUST stay the last member, see XT_TABLE_INFO_SZ.
	 */
	void *entries[1];
};
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u3/102292/showart_2084328.html |