From: Jan Engelhardt <jengelh@medozas.de>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: xt2 table core
Date: Tue, 29 Jun 2010 10:42:40 +0200 [thread overview]
Message-ID: <1277801017-30600-1-git-send-email-jengelh@medozas.de> (raw)
Hi,
This patchset adds the xtables2 main proper, and incrementally
changes ip6_tables to use it. There are more patches for iptables
and arptables and, but to not make it larger than needed, just this
much for now.
Previously featured on http://lwn.net/Articles/345176/ .
The full piece is in the xt2-20100629 branch and would look like:
38 files changed, 3361 insertions(+), 5644 deletions(-)
[40% reduction; the remaining 10% were merged already]
Please leave some comments!
thanks,
Jan
-------------------------------
The following changes since commit fe6fb552858f686f39e33d7b0a33fe56dacea0bf:
netfilter: fix simple typo in KConfig for netfiltert xt_TEE (2010-06-22 08:22:21 +0200)
are available in the git repository at:
git://dev.medozas.de/linux master
Jan Engelhardt (33):
netfilter: ebtables: simplify a device in/out check
netfilter: ebtables: change ebt_basic_match to xt convention
netfilter: xtables: move functions around
netfilter: xtables: convert basic nfproto match functions into xt matches
netfilter: xtables2: initial table skeletal functions
netfilter: xtables2: initial chain skeletal functions
netfilter: xtables2: initial rule skeletal functions
netfilter: xtables: alternate size checking in xt_check_match
netfilter: xtables: alternate size checking in xt_check_target
netfilter: xtables2: per-rule match skeletal functions
netfilter: xtables2: per-rule target skeletal functions
netfilter: xtables2: xt_check_target in combination with xt2 contexts
netfilter: xtables2: jumpstack (de)allocation functions
netfilter: xtables2: table traversal
netfilter: xtables: add xt_quota revision 3
netfilter: xtables2: make a copy of the ipv6_filter table
netfilter: xtables2: initial xt1->xt2 translation for tables
netfilter: xtables2: xt2->xt1 translation - GET_INFO support
netfilter: xtables2: xt2->xt1 translation - GET_ENTRIES support
netfilter: xtables2: xt1->xt2 translation - SET_REPLACE support
netfilter: xtables2: return counters after SET_REPLACE
netfilter: xtables2: xt1->xt2 translation - ADD_COUNTERS support
netfilter: xtables2: xt2->xt1 translation - compat GET_INFO support
netfilter: ip6tables: move mark_chains to xt1_perproto.c
netfilter: xtables2: xt2<->xt1 translation - compat GET_ENTRIES/SET_REPLACE support
netfilter: xtables2: compat->normal match data translation
netfilter: xtables2: compat->normal target data translation
netfilter: xtables2: outsource code into xts_match_to_xt1 function
netfilter: xtables2: normal->compat match data translation
netfilter: xtables2: normal->compat target data translation
netfilter: xtables2: packet tracing
netfilter: xtables: turn procfs entries to walk xt2 table list
netfilter: xtables2: switch ip6's tables to the xt2 table format
include/linux/netfilter/x_tables.h | 305 ++++++++++++-
include/linux/netfilter/xt_quota.h | 30 ++-
include/linux/netfilter_ipv6/ip6_tables.h | 16 +
include/net/net_namespace.h | 1 +
include/net/netns/x_tables.h | 8 +
net/bridge/netfilter/ebt_arpreply.c | 2 +-
net/bridge/netfilter/ebtables.c | 128 ++++--
net/ipv4/netfilter/arp_tables.c | 199 +++++----
net/ipv4/netfilter/ip_tables.c | 281 ++++++------
net/ipv4/netfilter/ipt_CLUSTERIP.c | 17 +-
net/ipv4/netfilter/ipt_ECN.c | 4 +-
net/ipv4/netfilter/ipt_REJECT.c | 6 +-
net/ipv6/netfilter/Kconfig | 1 +
net/ipv6/netfilter/ip6_tables.c | 576 ++++++++++++------------
net/ipv6/netfilter/ip6t_REJECT.c | 6 +-
net/ipv6/netfilter/ip6table_filter.c | 24 +-
net/ipv6/netfilter/ip6table_mangle.c | 37 +-
net/ipv6/netfilter/ip6table_raw.c | 23 +-
net/ipv6/netfilter/ip6table_security.c | 24 +-
net/netfilter/Kconfig | 6 +
net/netfilter/Makefile | 1 +
net/netfilter/x_tables.c | 717 ++++++++++++++++++++++++++++-
net/netfilter/xt1_postshared.c | 52 ++
net/netfilter/xt1_support.c | 597 ++++++++++++++++++++++++
net/netfilter/xt1_translat.c | 604 ++++++++++++++++++++++++
net/netfilter/xt_TCPMSS.c | 42 +-
net/netfilter/xt_TPROXY.c | 2 +-
net/netfilter/xt_quota.c | 234 +++++++++-
net/sched/act_ipt.c | 6 +-
29 files changed, 3291 insertions(+), 658 deletions(-)
create mode 100644 net/netfilter/xt1_postshared.c
create mode 100644 net/netfilter/xt1_support.c
create mode 100644 net/netfilter/xt1_translat.c
next reply other threads:[~2010-06-29 8:43 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-29 8:42 Jan Engelhardt [this message]
2010-06-29 8:42 ` [PATCH 01/56] netfilter: ebtables: simplify a device in/out check Jan Engelhardt
2010-06-29 8:42 ` [PATCH 02/56] netfilter: ebtables: change ebt_basic_match to xt convention Jan Engelhardt
2010-06-29 8:42 ` [PATCH 03/56] netfilter: xtables: move functions around Jan Engelhardt
2010-06-29 8:42 ` [PATCH 04/56] netfilter: xtables: convert basic nfproto match functions into xt matches Jan Engelhardt
2010-06-29 8:42 ` [PATCH 05/56] netfilter: xtables2: initial table skeletal functions Jan Engelhardt
2010-06-29 8:42 ` [PATCH 06/56] netfilter: xtables2: initial chain " Jan Engelhardt
2010-06-29 8:42 ` [PATCH 07/56] netfilter: xtables2: initial rule " Jan Engelhardt
2010-06-29 8:42 ` [PATCH 08/56] netfilter: xtables: alternate size checking in xt_check_match Jan Engelhardt
2010-06-29 8:42 ` [PATCH 09/56] netfilter: xtables: alternate size checking in xt_check_target Jan Engelhardt
2010-06-29 8:42 ` [PATCH 10/56] netfilter: xtables2: per-rule match skeletal functions Jan Engelhardt
2010-06-29 8:42 ` [PATCH 11/56] netfilter: xtables2: per-rule target " Jan Engelhardt
2010-06-29 8:42 ` [PATCH 12/56] netfilter: xtables2: xt_check_target in combination with xt2 contexts Jan Engelhardt
2010-06-29 8:42 ` [PATCH 13/56] netfilter: xtables2: jumpstack (de)allocation functions Jan Engelhardt
2010-06-29 8:42 ` [PATCH 14/56] netfilter: xtables2: table traversal Jan Engelhardt
2010-06-29 8:42 ` [PATCH 15/56] netfilter: xtables: add xt_quota revision 3 Jan Engelhardt
2010-06-29 8:42 ` [PATCH 16/56] netfilter: xtables2: make a copy of the ipv6_filter table Jan Engelhardt
2010-06-29 8:42 ` [PATCH 17/56] netfilter: xtables2: initial xt1->xt2 translation for tables Jan Engelhardt
2010-06-29 8:42 ` [PATCH 18/56] netfilter: xtables2: xt2->xt1 translation - GET_INFO support Jan Engelhardt
2010-06-29 8:42 ` [PATCH 19/56] netfilter: xtables2: xt2->xt1 translation - GET_ENTRIES support Jan Engelhardt
2010-06-29 8:43 ` [PATCH 20/56] netfilter: xtables2: xt1->xt2 translation - SET_REPLACE support Jan Engelhardt
2010-06-29 8:43 ` [PATCH 21/56] netfilter: xtables2: return counters after SET_REPLACE Jan Engelhardt
2010-06-29 8:43 ` [PATCH 22/56] netfilter: xtables2: xt1->xt2 translation - ADD_COUNTERS support Jan Engelhardt
2010-06-29 8:43 ` [PATCH 23/56] netfilter: xtables2: xt2->xt1 translation - compat GET_INFO support Jan Engelhardt
2010-06-29 8:43 ` [PATCH 24/56] netfilter: ip6tables: move mark_chains to xt1_perproto.c Jan Engelhardt
2010-06-29 8:43 ` [PATCH 25/56] netfilter: xtables2: xt2<->xt1 translation - compat GET_ENTRIES/SET_REPLACE support Jan Engelhardt
2010-06-29 8:43 ` [PATCH 26/56] netfilter: xtables2: compat->normal match data translation Jan Engelhardt
2010-06-29 8:43 ` [PATCH 27/56] netfilter: xtables2: compat->normal target " Jan Engelhardt
2010-06-29 8:43 ` [PATCH 28/56] netfilter: xtables2: outsource code into xts_match_to_xt1 function Jan Engelhardt
2010-06-29 8:43 ` [PATCH 29/56] netfilter: xtables2: normal->compat match data translation Jan Engelhardt
2010-06-29 8:43 ` [PATCH 30/56] netfilter: xtables2: normal->compat target " Jan Engelhardt
2010-06-29 8:43 ` [PATCH 31/56] netfilter: xtables2: packet tracing Jan Engelhardt
2010-06-29 8:43 ` [PATCH 32/56] netfilter: xtables: turn procfs entries to walk xt2 table list Jan Engelhardt
2010-06-29 8:43 ` [PATCH 33/56] netfilter: xtables2: switch ip6's tables to the xt2 table format Jan Engelhardt
2010-06-29 8:47 ` xt2 table core [*/33, not */56] Jan Engelhardt
2010-07-02 3:32 ` xt2 table core Simon Lodal
2010-07-04 13:56 ` Jan Engelhardt
2010-07-04 17:22 ` Simon Lodal
2010-07-04 18:00 ` Jan Engelhardt
2010-07-05 8:55 ` Patrick McHardy
2010-07-05 9:13 ` Jan Engelhardt
2010-07-05 9:15 ` Patrick McHardy
2010-07-05 9:36 ` Eric Dumazet
2010-07-05 9:42 ` Jan Engelhardt
2010-07-05 10:22 ` Eric Dumazet
2010-07-05 10:34 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1277801017-30600-1-git-send-email-jengelh@medozas.de \
--to=jengelh@medozas.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).