
关于netfilter如何传递参数给ipt_do_table

发表于 2005-3-19 23:06:53
搜索了一下内核源码的/net/ipv4/netfilter目录,包含ipt_do_table的文件如下:

[root@cs8 netfilter]# grep ipt_do_table `find .` |grep -v Binary
./ip_nat_rule.c: ret = ipt_do_table(pskb, hooknum, in, out, &nat_table, NULL);
./iptable_raw.c: return ipt_do_table(pskb, hook, in, out, &packet_raw, NULL);
./iptable_mangle.c: return ipt_do_table(pskb, hook, in, out, &packet_mangler, NULL);
./iptable_mangle.c: ret = ipt_do_table(pskb, hook, in, out, &packet_mangler, NULL);
./iptable_filter.c: return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
./iptable_filter.c: return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
./ip_tables.c:ipt_do_table(struct sk_buff **pskb,
./ip_tables.c:EXPORT_SYMBOL(ipt_do_table);

假设加载了这么一条规则:iptables -A FORWARD -j ULOG --ulog-nlgroup 32 --ulog-prefix foo

我想这条规则应该是由iptable_filter.c中的代码处理。iptable_filter.c中和ipt_do_table相关的有两个函数:

/*
 * Netfilter hook entry point for the filter table.
 *
 * Passes the packet straight to ipt_do_table() together with the
 * packet_filter table and returns whatever verdict the table walk
 * produces.  No sanity checks are made on the packet before the walk.
 *
 * @hook:  hook number, forwarded unchanged to ipt_do_table()
 * @pskb:  pointer to the packet buffer pointer, forwarded unchanged
 * @in:    input device, forwarded unchanged
 * @out:   output device, forwarded unchanged
 * @okfn:  not used by this function
 *
 * NOTE(review): which hook points this function is bound to is decided
 * where the hooks are registered (the nf_hook_ops table), which is not
 * part of this excerpt -- confirm there.
 */
static unsigned int
ipt_hook(unsigned int hook,
	 struct sk_buff **pskb,
	 const struct net_device *in,
	 const struct net_device *out,
	 int (*okfn)(struct sk_buff *))
{
	unsigned int verdict;

	verdict = ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
	return verdict;
}

/*
 * Netfilter hook entry point for the filter table with a header sanity
 * check in front of the table walk.
 *
 * A packet is treated as malformed when its total length is smaller
 * than a struct iphdr, or when the header length it declares (ihl * 4)
 * is smaller than a struct iphdr.  Malformed packets are accepted
 * immediately with NF_ACCEPT; everything else is handed to
 * ipt_do_table() with the packet_filter table.
 *
 * Security note: the early NF_ACCEPT means a malformed packet is never
 * matched against any rule of the filter table, so neither a DROP rule
 * nor a logging target sees it on this path.  The only trace is the
 * rate-limited printk below.
 *
 * @hook:  hook number, forwarded unchanged to ipt_do_table()
 * @pskb:  pointer to the packet buffer pointer
 * @in:    input device, forwarded unchanged
 * @out:   output device, forwarded unchanged
 * @okfn:  not used by this function
 *
 * NOTE(review): the name suggests the local-output hook point; the
 * registration is not part of this excerpt -- confirm there.
 */
static unsigned int
ipt_local_out_hook(unsigned int hook,
		   struct sk_buff **pskb,
		   const struct net_device *in,
		   const struct net_device *out,
		   int (*okfn)(struct sk_buff *))
{
	int malformed;

	/* root is playing with raw sockets. */
	malformed = (*pskb)->len < sizeof(struct iphdr);
	/* Only look at the header once the buffer is known to hold one. */
	if (!malformed)
		malformed = (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr);

	if (!malformed)
		return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);

	/* Rate-limited so a flood of such packets cannot flood the log. */
	if (net_ratelimit())
		printk("ipt_hook: happy cracking.\n");
	return NF_ACCEPT;
}

那么就上面那条规则而言,是ipt_hook还是ipt_local_out_hook调用了ipt_do_table? 而这两个函数又是谁来调用的? 调用语句在哪个源码文件中?