Hey guys,
I'm working on a netfilter module that modifies TCP ack behavior and I am having some trouble with crashes. I think my problem is that I don't fully understand the netfilter architecture (and maybe the kernel in general, I'm pretty new to this). I have two main questions:
1.) Using kmalloc with the GFP_KERNEL flag seems to cause crashes occasionally. I was under the impression that I was allowed to block in this case (a netfilter module). Once I switched to using the GFP_ATOMIC flag I stopped seeing crashes. What am I missing?
2.) I have global data structures therefore I must pay attention to synchronization. Is it safe to use a spin_lock in a netfilter module? Do I need to disable local interrupts?
Also, any general info about the nature of netfilter hooks is welcome, I have a lot to learn ;) Thanks in advance!
-CDiR