[PLUG] AT followup - found my problem
Michael Rasmussen
mikeraz at patch.com
Thu Feb 16 13:30:35 UTC 2006
You may recall (didn't you have enough beer?) that my little sample
programs worked, but the big and real one didn't.
I found the cause.
In the documentation there's a section called cleanup.
_Cleanup_
$success = $table->commit()
This attempts to commit all changes made to the IP chains in
the table that $table points to, and closes the connection
to the kernel-level netfilter subsystem.
I'd initially blown by that thinking "I don't want to close the
connection, I want to keep it open and keep making changes."
But this morning around 4:30 (four beers don't keep me from an early
start when I've got a problem to solve) while poking at the problem and
viewing strace output and reading my more verbose than ever debug logs
a thought (yeah, it does happen occasionally) occurred to me:
What if the little test programs have commit called automagically
during shut down?
That's easy to test, add a "getc;" after the $fw->insert_entry() and
check the system status.
And yep, the change wasn't applied until the mini program exited.
So the module code is set up to:
init
do operations
commit (and commit closes your connection)
My original model treated the FW connection like a pipe that I'd
read from and write to. When I did something like FW->append_entry()
and receive a true response I assumed the rule was applied, not queued
up to be applied.
It's all so clear now...
Time to rework the code with this in mind.
--
Michael Rasmussen, Portland Oregon
Be appropriate && Follow your curiosity
http://www.patch.com/words/
The fortune cookie says:
A poet who reads his verse in public may have other nasty habits.
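
The init / operate / commit cycle described in the post, written as a reusable batch for a long-running program. This is an added example, not code from the original post. It assumes the module under discussion is IPTables::IPv4 from CPAN and that the script runs as root; the rule hash keys (source, jump), the apply_batch helper and the sample address are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; assumes the IPTables::IPv4 CPAN module and root privileges.
use strict;
use warnings;
use IPTables::IPv4;

# Apply one batch of changes as a single init/operate/commit cycle.
# $ops is a list of [method, chain, rule_hashref]. Returns true only if
# the kernel accepted the commit. apply_batch is a hypothetical helper.
sub apply_batch {
    my ($table_name, $ops) = @_;

    my $table = IPTables::IPv4::init($table_name)
        or die "init($table_name) failed: $!\n";

    for my $op (@$ops) {
        my ($method, $chain, $rule) = @$op;
        # A true return here only means the change was queued in the handle.
        # If we die here, the handle is dropped and nothing is applied.
        $table->$method($chain, $rule)
            or die "$method on $chain failed: $!\n";
    }

    # Nothing reaches netfilter until commit(); the handle is closed afterwards.
    my $ok = $table->commit();
    warn "commit failed, rules NOT applied: $!\n" unless $ok;
    return $ok;
}

# Constructed sample: drop traffic from one documentation-range address.
# The hash keys are assumed to mirror the iptables long option names.
my @batch = (
    [ append_entry => 'INPUT', { source => '192.0.2.10', jump => 'DROP' } ],
);

apply_batch('filter', \@batch) or exit 1;
# For the next change, call apply_batch() again: it opens a fresh handle.
```

Treat the return value of commit(), not of the individual entry calls, as the signal that a rule is live, and confirm with iptables -L -n when the rule matters.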