[PLUG] AT followup - found my problem

Michael Rasmussen mikeraz at patch.com
Thu Feb 16 13:30:35 UTC 2006


You may recall (didn't you have enough beer?) that my little sample
programs worked, but the big and real one didn't.

I found the cause.

In the documentation there's a section called cleanup.

       _Cleanup_
       $success = $table->commit()
           This attempts to commit all changes made to the IP chains in
           the table that $table points to, and closes the connection
           to the kernel-level netfilter subsystem.

I'd initially blown by that thinking "I don't want to close the
connection, I want to keep it open and keep making changes."

But this morning around 4:30 (four beers don't keep me from an early
start when I've got a problem to solve) while poking at the problem and
viewing strace output and reading my more verbose than ever debug logs
a thought (yeah, it does happen occasionally) occurred to me:

   What if the little test programs have commit called automagically
   during shut down?

That's easy to test, add a "getc;" after the $fw->insert_entry() and
check the system status.

And yep, the change wasn't applied until the mini program exited.

So the module code is set up to:

  init
  do operations
  commit (and commit closes your connection)

My original model treated the FW connection like a pipe that I'd
read from and write to.  When I did something like FW->append_entry()
and received a true response I assumed the rule was applied, not queued
up to be applied.

It's all so clear now...

Time to rework the code with this in mind.


-- 
    Michael Rasmussen, Portland Oregon  
  Be appropriate && Follow your curiosity
        http://www.patch.com/words/
  The fortune cookie says:
A poet who reads his verse in public may have other nasty habits.
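
The init / do operations / commit cycle described in the message above, written out as an added example that is not the poster's code. It assumes the module is IPTables::IPv4 (the post does not name it) with its init, append_entry, list_rules and commit calls, and it needs root; the helper name apply_batch and the sample rule are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not the poster's code. Assumes IPTables::IPv4 and root.
use strict;
use warnings;
use IPTables::IPv4;

# Apply one batch of rule changes as a single transaction:
# init -> queue operations -> commit. Returns 1 only after commit() succeeds.
sub apply_batch {
    my ($table_name, @ops) = @_;

    # A fresh handle per batch: commit() closes the connection to the
    # kernel, so a long-running program must not reuse the handle.
    my $table = IPTables::IPv4::init($table_name)
        or die "init($table_name) failed: $!\n";

    for my $op (@ops) {
        my ($method, $chain, $rule, @rest) = @$op;
        # A true return here means the change was accepted into the
        # handle's copy of the table, not that the kernel enforces it.
        $table->$method($chain, $rule, @rest)
            or die "$method on $chain failed: $!\n";
    }

    # Only at this point is the new ruleset handed to the kernel.
    $table->commit()
        or die "commit on $table_name failed: $!\n";
    return 1;
}

# Constructed sample rule: drop traffic from a documentation-range address.
my %block = (source => '192.0.2.10', jump => 'DROP');

apply_batch('filter', [ append_entry => 'INPUT', \%block ]);

# Verify with a new handle, i.e. against what the kernel actually holds,
# instead of trusting the return value of append_entry().
my $check = IPTables::IPv4::init('filter')
    or die "init(filter) failed: $!\n";
my $live = grep { ($_->{source} // '') =~ /^192\.0\.2\.10\b/ }
           $check->list_rules('INPUT');
print $live ? "rule is live\n" : "rule NOT in kernel ruleset\n";
```

For a daemon that adds block rules on demand, the read-back step is what tells it a rule is actually enforced; a true return from append_entry() alone does not.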
