From: Jan Engelhardt <jengelh@medozas.de>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH 021/103] netfilter: xtables: consolidate table hook functions
Date: Tue, 4 Aug 2009 09:25:05 +0200 [thread overview]
Message-ID: <1249370787-17583-22-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1249370787-17583-1-git-send-email-jengelh@medozas.de>
For a following patch in this series, we will be requiring that a
single hook function per table does the processing.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
net/ipv4/netfilter/arptable_filter.c | 23 +++++--------
net/ipv4/netfilter/iptable_filter.c | 45 ++++++++-------------------
net/ipv4/netfilter/iptable_mangle.c | 52 +++++++------------------------
net/ipv4/netfilter/iptable_raw.c | 20 ++++--------
net/ipv4/netfilter/iptable_security.c | 42 ++++++++------------------
net/ipv6/netfilter/ip6table_filter.c | 34 +++++---------------
net/ipv6/netfilter/ip6table_mangle.c | 30 +++++++-----------
net/ipv6/netfilter/ip6table_raw.c | 20 ++++--------
net/ipv6/netfilter/ip6table_security.c | 34 +++++----------------
9 files changed, 91 insertions(+), 209 deletions(-)
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 87ecd3e..e46123e 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -53,43 +53,38 @@ static struct xt_table packet_filter = {
};
/* The work comes in here from netfilter.c */
-static unsigned int arpt_in_hook(unsigned int hook,
+static unsigned int arptable_filter_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return arpt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.arptable_filter);
-}
+ if (hook == NF_ARP_OUT)
+ return arpt_do_table(skb, hook, in, out,
+ dev_net(out)->ipv4.arptable_filter);
-static unsigned int arpt_out_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
+ /* INPUT/FORWARD: */
return arpt_do_table(skb, hook, in, out,
- dev_net(out)->ipv4.arptable_filter);
+ dev_net(in)->ipv4.arptable_filter);
}
static struct nf_hook_ops arpt_ops[] __read_mostly = {
{
- .hook = arpt_in_hook,
+ .hook = arptable_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_ARP,
.hooknum = NF_ARP_IN,
.priority = NF_IP_PRI_FILTER,
},
{
- .hook = arpt_out_hook,
+ .hook = arptable_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_ARP,
.hooknum = NF_ARP_OUT,
.priority = NF_IP_PRI_FILTER,
},
{
- .hook = arpt_in_hook,
+ .hook = arptable_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_ARP,
.hooknum = NF_ARP_FORWARD,
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index 24d39cb..26a4ff5 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -60,61 +60,44 @@ static struct xt_table packet_filter = {
.af = NFPROTO_IPV4,
};
-/* The work comes in here from netfilter.c. */
static unsigned int
-ipt_local_in_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- return ipt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.iptable_filter);
-}
-
-static unsigned int
-ipt_hook(unsigned int hook,
+iptable_filter_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.iptable_filter);
-}
+ if (hook == NF_INET_LOCAL_OUT) {
+ /* root is playing with raw sockets. */
+ if (skb->len < sizeof(struct iphdr) ||
+ ip_hdrlen(skb) < sizeof(struct iphdr))
+ return NF_ACCEPT;
+ return ipt_do_table(skb, hook, in, out,
+ dev_net(out)->ipv4.iptable_filter);
+ }
-static unsigned int
-ipt_local_out_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- /* root is playing with raw sockets. */
- if (skb->len < sizeof(struct iphdr) ||
- ip_hdrlen(skb) < sizeof(struct iphdr))
- return NF_ACCEPT;
+ /* LOCAL_IN/FORWARD: */
return ipt_do_table(skb, hook, in, out,
- dev_net(out)->ipv4.iptable_filter);
+ dev_net(in)->ipv4.iptable_filter);
}
static struct nf_hook_ops ipt_ops[] __read_mostly = {
{
- .hook = ipt_local_in_hook,
+ .hook = iptable_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_FILTER,
},
{
- .hook = ipt_hook,
+ .hook = iptable_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_FILTER,
},
{
- .hook = ipt_local_out_hook,
+ .hook = iptable_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 107baf8..e5e4233 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -73,51 +73,23 @@ static struct xt_table packet_mangler = {
/* The work comes in here from netfilter.c. */
static unsigned int
-ipt_pre_routing_hook(unsigned int hook,
+iptable_mangle_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.iptable_mangle);
-}
-
-static unsigned int
-ipt_post_routing_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- return ipt_do_table(skb, hook, in, out,
- dev_net(out)->ipv4.iptable_mangle);
-}
+ if (hook == NF_INET_POST_ROUTING)
+ return ipt_do_table(skb, hook, in, out,
+ dev_net(out)->ipv4.iptable_mangle);
-static unsigned int
-ipt_local_in_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- return ipt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.iptable_mangle);
-}
-
-static unsigned int
-ipt_forward_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
+ /* PREROUTING/INPUT/FORWARD: */
return ipt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.iptable_mangle);
+ dev_net(in)->ipv4.iptable_mangle);
}
static unsigned int
-ipt_local_hook(unsigned int hook,
+iptable_mangle_out_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -160,35 +132,35 @@ ipt_local_hook(unsigned int hook,
static struct nf_hook_ops ipt_ops[] __read_mostly = {
{
- .hook = ipt_pre_routing_hook,
+ .hook = iptable_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_MANGLE,
},
{
- .hook = ipt_local_in_hook,
+ .hook = iptable_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_MANGLE,
},
{
- .hook = ipt_forward_hook,
+ .hook = iptable_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_MANGLE,
},
{
- .hook = ipt_local_hook,
+ .hook = iptable_mangle_out_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_MANGLE,
},
{
- .hook = ipt_post_routing_hook,
+ .hook = iptable_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_POST_ROUTING,
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 8864a82..e7021d1 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -45,23 +45,17 @@ static struct xt_table packet_raw = {
/* The work comes in here from netfilter.c. */
static unsigned int
-ipt_hook(unsigned int hook,
+iptable_raw_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.iptable_raw);
-}
+ if (hook == NF_INET_PRE_ROUTING)
+ return ipt_do_table(skb, hook, in, out,
+ dev_net(in)->ipv4.iptable_raw);
-static unsigned int
-ipt_local_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
+ /* OUTPUT: */
/* root is playing with raw sockets. */
if (skb->len < sizeof(struct iphdr) ||
ip_hdrlen(skb) < sizeof(struct iphdr))
@@ -73,14 +67,14 @@ ipt_local_hook(unsigned int hook,
/* 'raw' is the very first table. */
static struct nf_hook_ops ipt_ops[] __read_mostly = {
{
- .hook = ipt_hook,
+ .hook = iptable_raw_hook,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_RAW,
.owner = THIS_MODULE,
},
{
- .hook = ipt_local_hook,
+ .hook = iptable_raw_hook,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_RAW,
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index cab3eaa..1686f90 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -65,59 +65,43 @@ static struct xt_table security_table = {
};
static unsigned int
-ipt_local_in_hook(unsigned int hook,
+iptable_security_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
+ if (hook == NF_INET_LOCAL_OUT) {
+ /* Somebody is playing with raw sockets. */
+ if (skb->len < sizeof(struct iphdr)
+ || ip_hdrlen(skb) < sizeof(struct iphdr))
+ return NF_ACCEPT;
+ return ipt_do_table(skb, hook, in, out,
+ dev_net(out)->ipv4.iptable_security);
+ }
+
+ /* INPUT/FORWARD: */
return ipt_do_table(skb, hook, in, out,
dev_net(in)->ipv4.iptable_security);
}
-static unsigned int
-ipt_forward_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- return ipt_do_table(skb, hook, in, out,
- dev_net(in)->ipv4.iptable_security);
-}
-
-static unsigned int
-ipt_local_out_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- /* Somebody is playing with raw sockets. */
- if (skb->len < sizeof(struct iphdr)
- || ip_hdrlen(skb) < sizeof(struct iphdr))
- return NF_ACCEPT;
- return ipt_do_table(skb, hook, in, out,
- dev_net(out)->ipv4.iptable_security);
-}
-
static struct nf_hook_ops ipt_ops[] __read_mostly = {
{
- .hook = ipt_local_in_hook,
+ .hook = iptable_security_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_SECURITY,
},
{
- .hook = ipt_forward_hook,
+ .hook = iptable_security_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_SECURITY,
},
{
- .hook = ipt_local_out_hook,
+ .hook = iptable_security_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT,
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 5a81188..1b8c64f 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -60,54 +60,38 @@ static struct xt_table packet_filter = {
/* The work comes in here from netfilter.c. */
static unsigned int
-ip6t_in_hook(unsigned int hook,
+ip6table_filter_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out,
- dev_net(in)->ipv6.ip6table_filter);
-}
-
-static unsigned int
-ip6t_local_out_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
-#if 0
- /* root is playing with raw sockets. */
- if (skb->len < sizeof(struct iphdr)
- || ip_hdrlen(skb) < sizeof(struct iphdr)) {
- if (net_ratelimit())
- printk("ip6t_hook: happy cracking.\n");
- return NF_ACCEPT;
- }
-#endif
+ if (hook == NF_INET_LOCAL_OUT)
+ return ip6t_do_table(skb, hook, in, out,
+ dev_net(out)->ipv6.ip6table_filter);
+ /* INPUT/FORWARD: */
return ip6t_do_table(skb, hook, in, out,
- dev_net(out)->ipv6.ip6table_filter);
+ dev_net(in)->ipv6.ip6table_filter);
}
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{
- .hook = ip6t_in_hook,
+ .hook = ip6table_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_FILTER,
},
{
- .hook = ip6t_in_hook,
+ .hook = ip6table_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_FILTER,
},
{
- .hook = ip6t_local_out_hook,
+ .hook = ip6table_filter_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index db44cef..17bb452 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -66,29 +66,23 @@ static struct xt_table packet_mangler = {
/* The work comes in here from netfilter.c. */
static unsigned int
-ip6t_in_hook(unsigned int hook,
+ip6table_mangle_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out,
- dev_net(in)->ipv6.ip6table_mangle);
-}
+ if (hook == NF_INET_POST_ROUTING)
+ return ip6t_do_table(skb, hook, in, out,
+ dev_net(out)->ipv6.ip6table_mangle);
-static unsigned int
-ip6t_post_routing_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
+ /* INPUT/FORWARD */
return ip6t_do_table(skb, hook, in, out,
- dev_net(out)->ipv6.ip6table_mangle);
+ dev_net(in)->ipv6.ip6table_mangle);
}
static unsigned int
-ip6t_local_out_hook(unsigned int hook,
+ip6table_mangle_out_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
@@ -134,35 +128,35 @@ ip6t_local_out_hook(unsigned int hook,
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{
- .hook = ip6t_in_hook,
+ .hook = ip6table_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_MANGLE,
},
{
- .hook = ip6t_in_hook,
+ .hook = ip6table_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_MANGLE,
},
{
- .hook = ip6t_in_hook,
+ .hook = ip6table_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_MANGLE,
},
{
- .hook = ip6t_local_out_hook,
+ .hook = ip6table_mangle_out_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_MANGLE,
},
{
- .hook = ip6t_post_routing_hook,
+ .hook = ip6table_mangle_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_POST_ROUTING,
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index 30e4ca5..2b758ec 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -44,37 +44,31 @@ static struct xt_table packet_raw = {
/* The work comes in here from netfilter.c. */
static unsigned int
-ip6t_pre_routing_hook(unsigned int hook,
+ip6table_raw_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out,
- dev_net(in)->ipv6.ip6table_raw);
-}
+ if (hook == NF_INET_PRE_ROUTING)
+ return ip6t_do_table(skb, hook, in, out,
+ dev_net(in)->ipv6.ip6table_raw);
-static unsigned int
-ip6t_local_out_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
+ /* OUTPUT: */
return ip6t_do_table(skb, hook, in, out,
dev_net(out)->ipv6.ip6table_raw);
}
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{
- .hook = ip6t_pre_routing_hook,
+ .hook = ip6table_raw_hook,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_FIRST,
.owner = THIS_MODULE,
},
{
- .hook = ip6t_local_out_hook,
+ .hook = ip6table_raw_hook,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_FIRST,
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c
index 5044521..51223eb 100644
--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -64,56 +64,38 @@ static struct xt_table security_table = {
};
static unsigned int
-ip6t_local_in_hook(unsigned int hook,
+ip6table_security_hook(unsigned int hook,
struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out,
- dev_net(in)->ipv6.ip6table_security);
-}
+ if (hook == NF_INET_LOCAL_OUT)
+ return ip6t_do_table(skb, hook, in, out,
+ dev_net(out)->ipv6.ip6table_security);
-static unsigned int
-ip6t_forward_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
+ /* INPUT/FORWARD: */
return ip6t_do_table(skb, hook, in, out,
dev_net(in)->ipv6.ip6table_security);
}
-static unsigned int
-ip6t_local_out_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
-{
- /* TBD: handle short packets via raw socket */
- return ip6t_do_table(skb, hook, in, out,
- dev_net(out)->ipv6.ip6table_security);
-}
-
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{
- .hook = ip6t_local_in_hook,
+ .hook = ip6table_security_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_SECURITY,
},
{
- .hook = ip6t_forward_hook,
+ .hook = ip6table_security_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_SECURITY,
},
{
- .hook = ip6t_local_out_hook,
+ .hook = ip6table_security_hook,
.owner = THIS_MODULE,
.pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT,
--
1.6.3.3
next prev parent reply other threads:[~2009-08-04 7:26 UTC|newest]
Thread overview: 118+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-04 7:24 Xtables2 snapshot 20090804 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 001/103] netfilter: xtables: remove xt_TOS v0 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 002/103] netfilter: xtables: remove xt_CONNMARK v0 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 003/103] netfilter: xtables: remove xt_MARK v0, v1 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 004/103] netfilter: xtables: remove xt_connmark v0 Jan Engelhardt
2009-08-10 8:41 ` Patrick McHardy
2009-08-10 9:01 ` Patrick McHardy
2009-08-04 7:24 ` [PATCH 005/103] netfilter: xtables: remove xt_conntrack v0 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 006/103] netfilter: xtables: remove xt_iprange v0 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 007/103] netfilter: xtables: remove xt_mark v0 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 008/103] netfilter: xtables: remove obsolete /proc/net/ipt_recent Jan Engelhardt
2009-08-10 8:46 ` Patrick McHardy
2009-08-04 7:24 ` [PATCH 009/103] netfilter: xtables: remove xt_owner v0 Jan Engelhardt
2009-08-04 7:24 ` [PATCH 010/103] netfilter: xtables: remove redirecting header files Jan Engelhardt
2009-08-04 7:24 ` [PATCH 011/103] netfilter: conntrack: switch hook PFs to nfproto Jan Engelhardt
2009-08-04 7:24 ` [PATCH 012/103] netfilter: xtables: " Jan Engelhardt
2009-08-04 7:24 ` [PATCH 013/103] netfilter: xtables: switch table AFs " Jan Engelhardt
2009-08-04 7:24 ` [PATCH 014/103] netfilter: xtables: remove unneeded gotos in table error paths Jan Engelhardt
2009-08-10 8:48 ` Patrick McHardy
2009-08-04 7:24 ` [PATCH 015/103] netfilter: xtables: realign struct xt_target_param Jan Engelhardt
2009-08-04 7:25 ` [PATCH 016/103] netfilter: iptables: remove unused datalen variable Jan Engelhardt
2009-08-04 7:25 ` [PATCH 017/103] netfilter: xtables: use better unconditional check Jan Engelhardt
2009-08-10 8:54 ` Patrick McHardy
2009-08-10 9:27 ` Jan Engelhardt
2009-08-10 9:31 ` Patrick McHardy
2009-08-04 7:25 ` [PATCH 018/103] netfilter: xtables: ignore unassigned hooks in check_entry_size_and_hooks Jan Engelhardt
2009-08-04 7:25 ` [PATCH 019/103] netfilter: xtables: check for unconditionality of policies Jan Engelhardt
2009-08-10 8:55 ` Patrick McHardy
2009-08-04 7:25 ` [PATCH 020/103] netfilter: xtables: check for standard verdicts in policies Jan Engelhardt
2009-08-04 7:25 ` Jan Engelhardt [this message]
2009-08-10 8:58 ` [PATCH 021/103] netfilter: xtables: consolidate table hook functions Patrick McHardy
2009-08-10 9:36 ` Jan Engelhardt
2009-08-10 9:51 ` Patrick McHardy
2009-08-04 7:25 ` [PATCH 022/103] netfilter: xtables: compact " Jan Engelhardt
2009-08-04 7:25 ` [PATCH 023/103] netfilter: xtables: generate nf_hook_ops on-demand Jan Engelhardt
2009-08-04 7:25 ` [PATCH 024/103] netfilter: xtables: mark table constant for registering functions Jan Engelhardt
2009-08-04 7:25 ` [PATCH 025/103] netfilter: xtables: constify initial table data Jan Engelhardt
2009-08-04 7:25 ` [PATCH 026/103] netfilter: xtables: use xt_table for hook instantiation Jan Engelhardt
2009-08-04 7:25 ` [PATCH 027/103] netfilter: xtables: generate initial table on-demand Jan Engelhardt
2009-08-04 7:25 ` [PATCH 028/103] netfilter: reduce NF_HOOK by one argument Jan Engelhardt
2009-08-04 7:25 ` [PATCH 029/103] netfilter: get rid of the grossness in netfilter.h Jan Engelhardt
2009-08-04 7:25 ` [PATCH 030/103] netfilter: xtables: print details on size mismatch Jan Engelhardt
2009-08-04 7:25 ` [PATCH 031/103] netfilter: xtables: constify args in compat copying functions Jan Engelhardt
2009-08-04 7:25 ` [PATCH 032/103] netfilter: xtables: add const qualifiers Jan Engelhardt
2009-08-04 7:25 ` [PATCH 033/103] netfilter: xtables: replace XT_ENTRY_ITERATE macro Jan Engelhardt
2009-08-04 7:25 ` [PATCH 034/103] netfilter: xtables: optimize call flow around xt_entry_foreach Jan Engelhardt
2009-08-04 7:25 ` [PATCH 035/103] netfilter: xtables: replace XT_MATCH_ITERATE macro Jan Engelhardt
2009-08-04 7:25 ` [PATCH 036/103] netfilter: xtables: optimize call flow around xt_ematch_foreach Jan Engelhardt
2009-08-04 7:25 ` [PATCH 037/103] netfilter: xtables: reduce arguments to translate_table Jan Engelhardt
2009-08-04 7:25 ` [PATCH 038/103] netfilter: xtables2: make ip_tables reentrant Jan Engelhardt
2009-08-04 7:25 ` [PATCH 039/103] netfilter: xtables: dissolve do_match function Jan Engelhardt
2009-08-04 7:25 ` [PATCH 040/103] netfilter: xtables: combine struct xt_match_param and xt_target_param Jan Engelhardt
2009-08-04 7:25 ` [PATCH 041/103] netfilter: xtables: substitute temporary defines by final name Jan Engelhardt
2009-08-04 7:25 ` [PATCH 042/103] netfilter: xtables: make use of xt_request_find_target Jan Engelhardt
2009-08-04 7:25 ` [PATCH 043/103] netfilter: xtables: consolidate code into xt_request_find_match Jan Engelhardt
2009-08-04 7:25 ` [PATCH 044/103] netfilter: xtables: deconstify struct xt_action_param for matches Jan Engelhardt
2009-08-04 7:25 ` [PATCH 045/103] netfilter: xtables: change hotdrop pointer to direct modification Jan Engelhardt
2009-08-04 7:25 ` [PATCH 046/103] netfilter: xtables: combine built-in extension structs Jan Engelhardt
2009-08-04 7:25 ` [PATCH 047/103] netfilter: xtables: move functions around Jan Engelhardt
2009-08-04 7:25 ` [PATCH 048/103] netfilter: ebtables: change ebt_basic_match to xt convention Jan Engelhardt
2009-08-04 7:25 ` [PATCH 049/103] netfilter: xtables: convert basic nfproto match functions into xt matches Jan Engelhardt
2009-08-04 7:25 ` [PATCH 050/103] netfilter: xtables2: initial table skeletal functions Jan Engelhardt
2009-08-04 7:25 ` [PATCH 051/103] netfilter: xtables2: initial chain " Jan Engelhardt
2009-08-04 7:25 ` [PATCH 052/103] netfilter: xtables2: initial rule " Jan Engelhardt
2009-08-04 7:25 ` [PATCH 053/103] netfilter: xtables: alternate size checking in xt_check_match Jan Engelhardt
2009-08-04 7:25 ` [PATCH 054/103] netfilter: xtables: alternate size checking in xt_check_target Jan Engelhardt
2009-08-04 7:25 ` [PATCH 055/103] netfilter: xtables2: per-rule match skeletal functions Jan Engelhardt
2009-08-04 7:25 ` [PATCH 056/103] netfilter: xtables2: per-rule target " Jan Engelhardt
2009-08-04 7:25 ` [PATCH 057/103] netfilter: xtables2: xt_check_target in combination with xt2 contexts Jan Engelhardt
2009-08-04 7:25 ` [PATCH 058/103] netfilter: xtables2: jumpstack (de)allocation functions Jan Engelhardt
2009-08-04 7:25 ` [PATCH 059/103] netfilter: xtables2: table traversal Jan Engelhardt
2009-08-04 7:25 ` [PATCH 060/103] netfilter: xt_quota: fix wrong return value (error case) Jan Engelhardt
2009-08-04 7:25 ` [PATCH 061/103] netfilter: xtables: add xt_quota revision 3 Jan Engelhardt
2009-08-04 7:25 ` [PATCH 062/103] netfilter: xtables2: make a copy of the ipv6_filter table Jan Engelhardt
2009-08-04 7:25 ` [PATCH 063/103] netfilter: xtables2: initial xt1->xt2 translation for tables Jan Engelhardt
2009-08-04 7:25 ` [PATCH 064/103] netfilter: xtables2: xt2->xt1 translation - GET_INFO support Jan Engelhardt
2009-08-04 7:25 ` [PATCH 065/103] netfilter: xtables2: xt2->xt1 translation - GET_ENTRIES support Jan Engelhardt
2009-08-04 7:25 ` [PATCH 066/103] netfilter: xtables2: xt1->xt2 translation - SET_REPLACE support Jan Engelhardt
2009-08-04 7:25 ` [PATCH 067/103] netfilter: xtables2: return counters after SET_REPLACE Jan Engelhardt
2009-08-04 7:25 ` [PATCH 068/103] netfilter: xtables2: xt1->xt2 translation - ADD_COUNTERS support Jan Engelhardt
2009-08-04 7:25 ` [PATCH 069/103] netfilter: xtables2: xt2->xt1 translation - compat GET_INFO support Jan Engelhardt
2009-08-04 7:25 ` [PATCH 070/103] netfilter: xtables: use compat_u64 inside struct compat_xt_counters Jan Engelhardt
2009-08-04 7:25 ` [PATCH 071/103] netfilter: ip6tables: move mark_chains to xt1_perproto.c Jan Engelhardt
2009-08-04 7:25 ` [PATCH 072/103] netfilter: xtables2: xt2<->xt1 translation - compat GET_ENTRIES/SET_REPLACE support Jan Engelhardt
2009-08-04 7:25 ` [PATCH 073/103] netfilter: xtables2: compat->normal match data translation Jan Engelhardt
2009-08-04 7:25 ` [PATCH 074/103] netfilter: xtables2: compat->normal target " Jan Engelhardt
2009-08-04 7:25 ` [PATCH 075/103] netfilter: xtables2: outsource code into xts_match_to_xt1 function Jan Engelhardt
2009-08-04 7:26 ` [PATCH 076/103] netfilter: xtables2: normal->compat match data translation Jan Engelhardt
2009-08-04 7:26 ` [PATCH 077/103] netfilter: xtables2: normal->compat target " Jan Engelhardt
2009-08-04 7:26 ` [PATCH 078/103] netfilter: xtables2: packet tracing Jan Engelhardt
2009-08-04 7:26 ` [PATCH 079/103] netfilter: xtables: turn procfs entries to walk xt2 table list Jan Engelhardt
2009-08-04 7:26 ` [PATCH 080/103] netfilter: xtables2: switch ip6's tables to the xt2 table format Jan Engelhardt
2009-08-04 7:26 ` [PATCH 081/103] netfilter: ip6tables: remove obsolete packet tracing Jan Engelhardt
2009-08-04 7:26 ` [PATCH 082/103] netfilter: ip6tables: remove xt1 GET_INFO code Jan Engelhardt
2009-08-04 7:26 ` [PATCH 083/103] netfilter: ip6tables: remove xt1 GET_ENTRIES code Jan Engelhardt
2009-08-04 7:26 ` [PATCH 084/103] netfilter: ip6tables: remove unused functions (GET_ENTRIES) Jan Engelhardt
2009-08-04 7:26 ` [PATCH 085/103] netfilter: ip6tables: remove xt1 SET_REPLACE code Jan Engelhardt
2009-08-04 7:26 ` [PATCH 086/103] netfilter: ip6tables: remove unused functions (SET_REPLACE) Jan Engelhardt
2009-08-04 7:26 ` [PATCH 087/103] netfilter: ip6tables: remove xt1 ADD_COUNTERS code Jan Engelhardt
2009-08-04 7:26 ` [PATCH 088/103] netfilter: ip6tables: remove xt1/ipv6 registration functions Jan Engelhardt
2009-08-04 7:26 ` [PATCH 089/103] netfilter: ip6tables: remove remaining xt1 code Jan Engelhardt
2009-08-04 7:26 ` [PATCH 090/103] netfilter: iptables: include xt1_perproto code in ip_tables Jan Engelhardt
2009-08-04 7:26 ` [PATCH 091/103] netfilter: iptables: switch to xt2 tables Jan Engelhardt
2009-08-04 7:26 ` [PATCH 092/103] netfilter: iptables: remove unused functions Jan Engelhardt
2009-08-04 7:26 ` [PATCH 093/103] netfilter: iptables: remove xt1/ipv4 registration functions Jan Engelhardt
2009-08-04 7:26 ` [PATCH 094/103] netfilter: iptables: remove remaining xt1 code Jan Engelhardt
2009-08-04 7:26 ` [PATCH 095/103] netfilter: xt_quota: enable module lookup via arpt Jan Engelhardt
2009-08-04 7:26 ` [PATCH 096/103] netfilter: arptables: include xt1_perproto in arp_tables Jan Engelhardt
2009-08-04 7:26 ` [PATCH 097/103] netfilter: arptables: switch to xt2 tables Jan Engelhardt
2009-08-04 7:26 ` [PATCH 098/103] netfilter: arptables: remove unused functions Jan Engelhardt
2009-08-04 7:26 ` [PATCH 099/103] netfilter: arptables: remove xt1/arp registration functions Jan Engelhardt
2009-08-04 7:26 ` [PATCH 100/103] netfilter: arptables: remove remaining xt1 code Jan Engelhardt
2009-08-04 7:26 ` [PATCH 101/103] netfilter: xtables1: remove xt1 table handling Jan Engelhardt
2009-08-04 7:26 ` [PATCH 102/103] netfilter: xtables1: remove info lock Jan Engelhardt
2009-08-04 7:26 ` [PATCH 103/103] netfilter: xtables1: remove compat-userspace code Jan Engelhardt
2009-08-04 12:47 ` Xtables2 snapshot 20090804 Patrick McHardy
2009-08-04 13:26 ` Jan Engelhardt
2009-08-04 13:16 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1249370787-17583-22-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).