Hi.
I am working on a simple netfilter match extension. It takes a packet, analyzes it, and puts all the info in a structure. Then it looks at the fields in matchinfo and decides if there is a match or not.
The problem is there will probably be many rules, and each time the module will repeat the first part of the process, where it would be enough to use the same structure as in the first rule. Is there any way to share info between rules?
I would also like to know if netfilter is processing packets in parallel, or maybe I can be sure that until a packet gets dropped or reaches the NIC driver, netfilter won't start to process another one. That would solve my problem, as I could simply keep that info inside the matching module.
And BTW, something off-topic: what is (is there any) a good way to access userspace memory (for example, some process gets information from databases, and I need that data inside the kernel) from a kernel module?