|
搜索了一下内核源码的/net/ipv4/netfilter目录,包含ipt_do_table的文件如下:
[root@cs8 netfilter]# grep ipt_do_table `find .` |grep -v Binary
./ip_nat_rule.c: ret = ipt_do_table(pskb, hooknum, in, out, &nat_table, NULL);
./iptable_raw.c: return ipt_do_table(pskb, hook, in, out, &packet_raw, NULL);
./iptable_mangle.c: return ipt_do_table(pskb, hook, in, out, &packet_mangler, NULL);
./iptable_mangle.c: ret = ipt_do_table(pskb, hook, in, out, &packet_mangler, NULL);
./iptable_filter.c: return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
./iptable_filter.c: return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
./ip_tables.c:ipt_do_table(struct sk_buff **pskb,
./ip_tables.c:EXPORT_SYMBOL(ipt_do_table);
假设加载了这么一条规则:iptables -A FORWARD -j ULOG --ulog-nlgroup 32 --ulog-prefix foo
我想这条规则应该是由iptable_filter.c中的代码处理。iptable_filter.c中和ipt_do_table相关的有两个函数:
/*
 * Filter-table hook: hand the packet to ipt_do_table() for evaluation
 * against the packet_filter table and return its verdict unchanged.
 *
 * @hook: hook number, forwarded to ipt_do_table()
 * @pskb: pointer to the packet's sk_buff pointer, forwarded as-is
 * @in:   input device, forwarded as-is
 * @out:  output device, forwarded as-is
 * @okfn: unused in this function
 *
 * No length or header sanity check is done here before the table is
 * walked, unlike ipt_local_out_hook().
 * NOTE(review): where this function is registered as a hook is not
 * visible in this excerpt; look for the hook-ops table in the same file.
 */
static unsigned int
ipt_hook(unsigned int hook,
	 struct sk_buff **pskb,
	 const struct net_device *in,
	 const struct net_device *out,
	 int (*okfn)(struct sk_buff *))
{
	unsigned int verdict;

	/* The final NULL is passed straight through as the last argument. */
	verdict = ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
	return verdict;
}
/*
 * Filter-table hook with a header sanity check in front of the table
 * walk. Per the original comment, the check targets packets built by
 * root through raw sockets.
 *
 * @hook: hook number, forwarded to ipt_do_table()
 * @pskb: pointer to the packet's sk_buff pointer
 * @in:   input device, forwarded as-is
 * @out:  output device, forwarded as-is
 * @okfn: unused in this function
 *
 * Returns the ipt_do_table() verdict for a well-formed packet.
 *
 * Security-relevant behaviour: a packet shorter than struct iphdr, or
 * whose IHL field encodes fewer bytes than struct iphdr, is returned
 * with NF_ACCEPT and is never evaluated against packet_filter. Rules in
 * the table (including logging targets) therefore never see it; the
 * only trace is the rate-limited printk below.
 * NOTE(review): where this function is registered as a hook is not
 * visible in this excerpt; look for the hook-ops table in the same file.
 */
static unsigned int
ipt_local_out_hook(unsigned int hook,
		   struct sk_buff **pskb,
		   const struct net_device *in,
		   const struct net_device *out,
		   int (*okfn)(struct sk_buff *))
{
	const struct sk_buff *skb = *pskb;

	/*
	 * The length test must come first: the IHL field is read only once
	 * the buffer is known to hold at least a full struct iphdr.
	 */
	if (skb->len >= sizeof(struct iphdr)
	    && skb->nh.iph->ihl * 4 >= sizeof(struct iphdr))
		return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);

	/* Malformed header: log (rate-limited) and let it through unfiltered. */
	if (net_ratelimit())
		printk("ipt_hook: happy cracking.\n");

	return NF_ACCEPT;
}
那么就上面那条规则而言,是ipt_hook还是ipt_local_out_hook调用了ipt_do_table? 而这两个函数又是谁来调用的? 调用语句在哪个源码文件中? |
|