[PATCH 1/2] netfilter: ipt_addrtype: rename to xt_addrtype

[PATCH 1/2] netfilter: ipt_addrtype: rename to xt_addrtype

[Florian Westphal]

From: Florian Westphal <fwestphal@astaro.com>

followup patch will add ipv6 support.

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
---
 include/linux/netfilter/Kbuild                     |    1 +
 .../ipt_addrtype.h => netfilter/xt_addrtype.h}     |   16 +++++-----
 include/linux/netfilter_ipv4/Kbuild                |    1 -
 net/ipv4/netfilter/Kconfig                         |   10 ------
 net/ipv4/netfilter/Makefile                        |    1 -
 net/netfilter/Kconfig                              |   10 ++++++
 net/netfilter/Makefile                             |    1 +
 .../ipt_addrtype.c => netfilter/xt_addrtype.c}     |   31 ++++++++++---------
 8 files changed, 36 insertions(+), 35 deletions(-)
 rename include/linux/{netfilter_ipv4/ipt_addrtype.h => netfilter/xt_addrtype.h} (51%)
 rename net/{ipv4/netfilter/ipt_addrtype.c => netfilter/xt_addrtype.c} (79%)

diff --git a/include/linux/netfilter/Kbuild b/include/linux/netfilter/Kbuild
index 15e83bf..a1b410c 100644
--- a/include/linux/netfilter/Kbuild
+++ b/include/linux/netfilter/Kbuild
@@ -29,6 +29,7 @@ header-y += xt_TCPMSS.h
 header-y += xt_TCPOPTSTRIP.h
 header-y += xt_TEE.h
 header-y += xt_TPROXY.h
+header-y += xt_addrtype.h
 header-y += xt_cluster.h
 header-y += xt_comment.h
 header-y += xt_connbytes.h
diff --git a/include/linux/netfilter_ipv4/ipt_addrtype.h b/include/linux/netfilter/xt_addrtype.h
similarity index 51%
rename from include/linux/netfilter_ipv4/ipt_addrtype.h
rename to include/linux/netfilter/xt_addrtype.h
index 0da4223..b492fc8 100644
--- a/include/linux/netfilter_ipv4/ipt_addrtype.h
+++ b/include/linux/netfilter/xt_addrtype.h
@@ -1,23 +1,23 @@
-#ifndef _IPT_ADDRTYPE_H
-#define _IPT_ADDRTYPE_H
+#ifndef _XT_ADDRTYPE_H
+#define _XT_ADDRTYPE_H
 
 #include <linux/types.h>
 
 enum {
-	IPT_ADDRTYPE_INVERT_SOURCE	= 0x0001,
-	IPT_ADDRTYPE_INVERT_DEST	= 0x0002,
-	IPT_ADDRTYPE_LIMIT_IFACE_IN	= 0x0004,
-	IPT_ADDRTYPE_LIMIT_IFACE_OUT	= 0x0008,
+	XT_ADDRTYPE_INVERT_SOURCE	= 0x0001,
+	XT_ADDRTYPE_INVERT_DEST		= 0x0002,
+	XT_ADDRTYPE_LIMIT_IFACE_IN	= 0x0004,
+	XT_ADDRTYPE_LIMIT_IFACE_OUT	= 0x0008,
 };
 
-struct ipt_addrtype_info_v1 {
+struct xt_addrtype_info_v1 {
 	__u16	source;		/* source-type mask */
 	__u16	dest;		/* dest-type mask */
 	__u32	flags;
 };
 
 /* revision 0 */
-struct ipt_addrtype_info {
+struct xt_addrtype_info {
 	__u16	source;		/* source-type mask */
 	__u16	dest;		/* dest-type mask */
 	__u32	invert_source;
diff --git a/include/linux/netfilter_ipv4/Kbuild b/include/linux/netfilter_ipv4/Kbuild
index f9930c8..8e6362b 100644
--- a/include/linux/netfilter_ipv4/Kbuild
+++ b/include/linux/netfilter_ipv4/Kbuild
@@ -7,7 +7,6 @@ header-y += ipt_REJECT.h
 header-y += ipt_SAME.h
 header-y += ipt_TTL.h
 header-y += ipt_ULOG.h
-header-y += ipt_addrtype.h
 header-y += ipt_ah.h
 header-y += ipt_ecn.h
 header-y += ipt_realm.h
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index f926a31..1dfc18a 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -64,16 +64,6 @@ config IP_NF_IPTABLES
 if IP_NF_IPTABLES
 
 # The matches.
-config IP_NF_MATCH_ADDRTYPE
-	tristate '"addrtype" address type match support'
-	depends on NETFILTER_ADVANCED
-	help
-	  This option allows you to match what routing thinks of an address,
-	  eg. UNICAST, LOCAL, BROADCAST, ...
-
-	  If you want to compile it as a module, say M here and read
-	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
-
 config IP_NF_MATCH_AH
 	tristate '"ah" match support'
 	depends on NETFILTER_ADVANCED
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 19eb59d..dca2082 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -48,7 +48,6 @@ obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
 obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
 
 # matches
-obj-$(CONFIG_IP_NF_MATCH_ADDRTYPE) += ipt_addrtype.o
 obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
 obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
 
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 82a6e0d..32bff6d 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -649,6 +649,16 @@ config NETFILTER_XT_TARGET_TCPOPTSTRIP
 
 comment "Xtables matches"
 
+config NETFILTER_XT_MATCH_ADDRTYPE
+	tristate '"addrtype" address type match support'
+	depends on NETFILTER_ADVANCED
+	---help---
+	  This option allows you to match what routing thinks of an address,
+	  eg. UNICAST, LOCAL, BROADCAST, ...
+
+	  If you want to compile it as a module, say M here and read
+	  <file:Documentation/kbuild/modules.txt>.  If unsure, say `N'.
+
 config NETFILTER_XT_MATCH_CLUSTER
 	tristate '"cluster" match support'
 	depends on NF_CONNTRACK
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index d57a890..1a02853 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -70,6 +70,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_IDLETIMER) += xt_IDLETIMER.o
 
 # matches
+obj-$(CONFIG_NETFILTER_XT_MATCH_ADDRTYPE) += xt_addrtype.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_CLUSTER) += xt_cluster.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_COMMENT) += xt_comment.o
 obj-$(CONFIG_NETFILTER_XT_MATCH_CONNBYTES) += xt_connbytes.o
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/netfilter/xt_addrtype.c
similarity index 79%
rename from net/ipv4/netfilter/ipt_addrtype.c
rename to net/netfilter/xt_addrtype.c
index db8bff0..e89c0b8 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/netfilter/xt_addrtype.c
@@ -16,12 +16,13 @@
 #include <linux/ip.h>
 #include <net/route.h>
 
-#include <linux/netfilter_ipv4/ipt_addrtype.h>
+#include <linux/netfilter/xt_addrtype.h>
 #include <linux/netfilter/x_tables.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
-MODULE_DESCRIPTION("Xtables: address type match for IPv4");
+MODULE_DESCRIPTION("Xtables: address type match");
+MODULE_ALIAS("ipt_addrtype");
 
 static inline bool match_type(struct net *net, const struct net_device *dev,
 			      __be32 addr, u_int16_t mask)
@@ -33,7 +34,7 @@ static bool
 addrtype_mt_v0(const struct sk_buff *skb, struct xt_action_param *par)
 {
 	struct net *net = dev_net(par->in ? par->in : par->out);
-	const struct ipt_addrtype_info *info = par->matchinfo;
+	const struct xt_addrtype_info *info = par->matchinfo;
 	const struct iphdr *iph = ip_hdr(skb);
 	bool ret = true;
 
@@ -51,31 +52,31 @@ static bool
 addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
 {
 	struct net *net = dev_net(par->in ? par->in : par->out);
-	const struct ipt_addrtype_info_v1 *info = par->matchinfo;
+	const struct xt_addrtype_info_v1 *info = par->matchinfo;
 	const struct iphdr *iph = ip_hdr(skb);
 	const struct net_device *dev = NULL;
 	bool ret = true;
 
-	if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN)
+	if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN)
 		dev = par->in;
-	else if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT)
+	else if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT)
 		dev = par->out;
 
 	if (info->source)
 		ret &= match_type(net, dev, iph->saddr, info->source) ^
-		       (info->flags & IPT_ADDRTYPE_INVERT_SOURCE);
+		       (info->flags & XT_ADDRTYPE_INVERT_SOURCE);
 	if (ret && info->dest)
 		ret &= match_type(net, dev, iph->daddr, info->dest) ^
-		       !!(info->flags & IPT_ADDRTYPE_INVERT_DEST);
+		       !!(info->flags & XT_ADDRTYPE_INVERT_DEST);
 	return ret;
 }
 
 static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 {
-	struct ipt_addrtype_info_v1 *info = par->matchinfo;
+	struct xt_addrtype_info_v1 *info = par->matchinfo;
 
-	if (info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN &&
-	    info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
+	if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN &&
+	    info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT) {
 		pr_info("both incoming and outgoing "
 			"interface limitation cannot be selected\n");
 		return -EINVAL;
@@ -83,7 +84,7 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 
 	if (par->hook_mask & ((1 << NF_INET_PRE_ROUTING) |
 	    (1 << NF_INET_LOCAL_IN)) &&
-	    info->flags & IPT_ADDRTYPE_LIMIT_IFACE_OUT) {
+	    info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT) {
 		pr_info("output interface limitation "
 			"not valid in PREROUTING and INPUT\n");
 		return -EINVAL;
@@ -91,7 +92,7 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 
 	if (par->hook_mask & ((1 << NF_INET_POST_ROUTING) |
 	    (1 << NF_INET_LOCAL_OUT)) &&
-	    info->flags & IPT_ADDRTYPE_LIMIT_IFACE_IN) {
+	    info->flags & XT_ADDRTYPE_LIMIT_IFACE_IN) {
 		pr_info("input interface limitation "
 			"not valid in POSTROUTING and OUTPUT\n");
 		return -EINVAL;
@@ -105,7 +106,7 @@ static struct xt_match addrtype_mt_reg[] __read_mostly = {
 		.name		= "addrtype",
 		.family		= NFPROTO_IPV4,
 		.match		= addrtype_mt_v0,
-		.matchsize	= sizeof(struct ipt_addrtype_info),
+		.matchsize	= sizeof(struct xt_addrtype_info),
 		.me		= THIS_MODULE
 	},
 	{
@@ -114,7 +115,7 @@ static struct xt_match addrtype_mt_reg[] __read_mostly = {
 		.revision	= 1,
 		.match		= addrtype_mt_v1,
 		.checkentry	= addrtype_mt_checkentry_v1,
-		.matchsize	= sizeof(struct ipt_addrtype_info_v1),
+		.matchsize	= sizeof(struct xt_addrtype_info_v1),
 		.me		= THIS_MODULE
 	}
 };
-- 
1.7.2.2

[PATCH 2/2] netfilter: xt_addrtype: ipv6 support.

[Florian Westphal]

From: Florian Westphal <fwestphal@astaro.com>

No new match revision is introduced, as binary compatibility
is not broken (XT_ADDRTYPE_ values match the RTN_ "bitshifted"
ones used by old iptables userspace).

The kernel will refuse certain types that do not work in ipv6 mode.
We can then add these features incrementally without risk of userspace
breakage.

Signed-off-by: Florian Westphal <fwestphal@astaro.com>
---
 include/linux/netfilter/xt_addrtype.h |   17 ++++++
 net/netfilter/xt_addrtype.c           |   98 ++++++++++++++++++++++++++++++++-
 2 files changed, 113 insertions(+), 2 deletions(-)

diff --git a/include/linux/netfilter/xt_addrtype.h b/include/linux/netfilter/xt_addrtype.h
index b492fc8..b156baa 100644
--- a/include/linux/netfilter/xt_addrtype.h
+++ b/include/linux/netfilter/xt_addrtype.h
@@ -10,6 +10,23 @@ enum {
 	XT_ADDRTYPE_LIMIT_IFACE_OUT	= 0x0008,
 };
 
+
+/* rtn_type enum values from rtnetlink.h, but shifted */
+enum {
+	XT_ADDRTYPE_UNSPEC = 1 << 0,
+	XT_ADDRTYPE_UNICAST = 1 << 1,	/* 1 << RTN_UNICAST */
+	XT_ADDRTYPE_LOCAL  = 1 << 2,	/* 1 << RTN_LOCAL, etc */
+	XT_ADDRTYPE_BROADCAST = 1 << 3,
+	XT_ADDRTYPE_ANYCAST = 1 << 4,
+	XT_ADDRTYPE_MULTICAST = 1 << 5,
+	XT_ADDRTYPE_BLACKHOLE = 1 << 6,
+	XT_ADDRTYPE_UNREACHABLE = 1 << 7,
+	XT_ADDRTYPE_PROHIBIT = 1 << 8,
+	XT_ADDRTYPE_THROW = 1 << 9,
+	XT_ADDRTYPE_NAT = 1 << 10,
+	XT_ADDRTYPE_XRESOLVE = 1 << 11,
+};
+
 struct xt_addrtype_info_v1 {
 	__u16	source;		/* source-type mask */
 	__u16	dest;		/* dest-type mask */
diff --git a/net/netfilter/xt_addrtype.c b/net/netfilter/xt_addrtype.c
index e89c0b8..2220b85 100644
--- a/net/netfilter/xt_addrtype.c
+++ b/net/netfilter/xt_addrtype.c
@@ -16,6 +16,12 @@
 #include <linux/ip.h>
 #include <net/route.h>
 
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/ip6_fib.h>
+#endif
+
 #include <linux/netfilter/xt_addrtype.h>
 #include <linux/netfilter/x_tables.h>
 
@@ -23,6 +29,73 @@ MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
 MODULE_DESCRIPTION("Xtables: address type match");
 MODULE_ALIAS("ipt_addrtype");
+MODULE_ALIAS("ip6t_addrtype");
+
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+static u32 xt_addrtype_rt6_to_type(const struct rt6_info *rt)
+{
+	u32 ret;
+
+	if (!rt)
+		return XT_ADDRTYPE_UNREACHABLE;
+
+	if (rt->rt6i_flags & RTF_REJECT)
+		ret = XT_ADDRTYPE_UNREACHABLE;
+	else
+		ret = 0;
+
+	if (rt->rt6i_flags & RTF_LOCAL)
+		ret |= XT_ADDRTYPE_LOCAL;
+	if (rt->rt6i_flags & RTF_ANYCAST)
+		ret |= XT_ADDRTYPE_ANYCAST;
+	return ret;
+}
+
+static bool match_type6(struct net *net, const struct net_device *dev,
+				const struct in6_addr *addr, u16 mask)
+{
+	int addr_type = ipv6_addr_type(addr);
+
+	if ((mask & XT_ADDRTYPE_MULTICAST) &&
+	    !(addr_type & IPV6_ADDR_MULTICAST))
+		return false;
+	if ((mask & XT_ADDRTYPE_UNICAST) && !(addr_type & IPV6_ADDR_UNICAST))
+		return false;
+	if ((mask & XT_ADDRTYPE_UNSPEC) && addr_type != IPV6_ADDR_ANY)
+		return false;
+
+	if ((XT_ADDRTYPE_LOCAL | XT_ADDRTYPE_ANYCAST |
+	     XT_ADDRTYPE_UNREACHABLE) & mask) {
+		struct rt6_info *rt;
+		u32 type;
+		int ifindex = dev ? dev->ifindex : 0;
+
+		rt = rt6_lookup(net, addr, NULL, ifindex, !!dev);
+
+		type = xt_addrtype_rt6_to_type(rt);
+
+		dst_release(&rt->dst);
+		return !!(mask & type);
+	}
+	return true;
+}
+
+static bool
+addrtype_mt6(struct net *net, const struct net_device *dev,
+	const struct sk_buff *skb, const struct xt_addrtype_info_v1 *info)
+{
+	const struct ipv6hdr *iph = ipv6_hdr(skb);
+	bool ret = true;
+
+	if (info->source)
+		ret &= match_type6(net, dev, &iph->saddr, info->source) ^
+		       (info->flags & XT_ADDRTYPE_INVERT_SOURCE);
+	if (ret && info->dest)
+		ret &= match_type6(net, dev, &iph->daddr, info->dest) ^
+		       !!(info->flags & XT_ADDRTYPE_INVERT_DEST);
+	return ret;
+}
+#endif
 
 static inline bool match_type(struct net *net, const struct net_device *dev,
 			      __be32 addr, u_int16_t mask)
@@ -53,7 +126,7 @@ addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
 {
 	struct net *net = dev_net(par->in ? par->in : par->out);
 	const struct xt_addrtype_info_v1 *info = par->matchinfo;
-	const struct iphdr *iph = ip_hdr(skb);
+	const struct iphdr *iph;
 	const struct net_device *dev = NULL;
 	bool ret = true;
 
@@ -62,6 +135,11 @@ addrtype_mt_v1(const struct sk_buff *skb, struct xt_action_param *par)
 	else if (info->flags & XT_ADDRTYPE_LIMIT_IFACE_OUT)
 		dev = par->out;
 
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+	if (par->family == NFPROTO_IPV6)
+		return addrtype_mt6(net, dev, skb, info);
+#endif
+	iph = ip_hdr(skb);
 	if (info->source)
 		ret &= match_type(net, dev, iph->saddr, info->source) ^
 		       (info->flags & XT_ADDRTYPE_INVERT_SOURCE);
@@ -98,6 +176,22 @@ static int addrtype_mt_checkentry_v1(const struct xt_mtchk_param *par)
 		return -EINVAL;
 	}
 
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+	if (par->family == NFPROTO_IPV6) {
+		if ((info->source | info->dest) & XT_ADDRTYPE_BLACKHOLE) {
+			pr_err("ipv6 BLACKHOLE matching not supported\n");
+			return -EINVAL;
+		}
+		if ((info->source | info->dest) >= XT_ADDRTYPE_PROHIBIT) {
+			pr_err("ipv6 PROHIBT (THROW, NAT ..) matching not supported\n");
+			return -EINVAL;
+		}
+		if ((info->source | info->dest) & XT_ADDRTYPE_BROADCAST) {
+			pr_err("ipv6 does not support BROADCAST matching\n");
+			return -EINVAL;
+		}
+	}
+#endif
 	return 0;
 }
 
@@ -111,7 +205,7 @@ static struct xt_match addrtype_mt_reg[] __read_mostly = {
 	},
 	{
 		.name		= "addrtype",
-		.family		= NFPROTO_IPV4,
+		.family		= NFPROTO_UNSPEC,
 		.revision	= 1,
 		.match		= addrtype_mt_v1,
 		.checkentry	= addrtype_mt_checkentry_v1,
-- 
1.7.2.2

Re: [PATCH 1/2] netfilter: ipt_addrtype: rename to xt_addrtype

[Patrick McHardy]

Am 05.03.2011 17:08, schrieb Florian Westphal:
> From: Florian Westphal <fwestphal@astaro.com>
> 
> followup patch will add ipv6 support.
> 
> Signed-off-by: Florian Westphal <fwestphal@astaro.com>
> ---
>  include/linux/netfilter/Kbuild                     |    1 +
>  .../ipt_addrtype.h => netfilter/xt_addrtype.h}     |   16 +++++-----

Please keep this file and the original definitions for a while
(add to feature-removal-schedule) for compatibility. You can
redefine them to the xt_ values/structures so they can be used
inside the kernel.

Re: [PATCH 1/2] netfilter: ipt_addrtype: rename to xt_addrtype

[Jan Engelhardt]

On Tuesday 2011-03-08 16:11, Patrick McHardy wrote:

>Am 05.03.2011 17:08, schrieb Florian Westphal:
>> From: Florian Westphal <fwestphal@astaro.com>
>> 
>> followup patch will add ipv6 support.
>> 
>> Signed-off-by: Florian Westphal <fwestphal@astaro.com>
>> ---
>>  include/linux/netfilter/Kbuild                     |    1 +
>>  .../ipt_addrtype.h => netfilter/xt_addrtype.h}     |   16 +++++-----
>
>Please keep this file and the original definitions for a while
>(add to feature-removal-schedule) for compatibility. You can
>redefine them to the xt_ values/structures so they can be used
>inside the kernel.

Just like ipt_realm.h does, yeah.

Re: [PATCH 1/2] netfilter: ipt_addrtype: rename to xt_addrtype

[Florian Westphal]

Jan Engelhardt <jengelh@medozas.de> wrote:
> On Tuesday 2011-03-08 16:11, Patrick McHardy wrote:
> 
> >Am 05.03.2011 17:08, schrieb Florian Westphal:
> >> From: Florian Westphal <fwestphal@astaro.com>
> >> 
> >> followup patch will add ipv6 support.
> >> 
> >> Signed-off-by: Florian Westphal <fwestphal@astaro.com>
> >> ---
> >>  include/linux/netfilter/Kbuild                     |    1 +
> >>  .../ipt_addrtype.h => netfilter/xt_addrtype.h}     |   16 +++++-----
> >
> >Please keep this file and the original definitions for a while
> >(add to feature-removal-schedule) for compatibility. You can
> >redefine them to the xt_ values/structures so they can be used
> >inside the kernel.
> 
> Just like ipt_realm.h does, yeah.

Sorry, redefining structures and enums is really not my cup of tea.

If thats really what you would prefer (as opposed to keeping the file
as-is) I can send a V3 patch that includes xt_addrtype.h and then
re-defines the enums/structures with the ipt_ prefixes.

But personally I would prefer to just keep it as-is and then remove it
in a year or so.

Re: [PATCH 1/2] netfilter: ipt_addrtype: rename to xt_addrtype

[Jan Engelhardt]

On Wednesday 2011-03-09 20:54, Florian Westphal wrote:

>Jan Engelhardt <jengelh@medozas.de> wrote:
>> On Tuesday 2011-03-08 16:11, Patrick McHardy wrote:
>> 
>> >Am 05.03.2011 17:08, schrieb Florian Westphal:
>> >> From: Florian Westphal <fwestphal@astaro.com>
>> >> 
>> >> followup patch will add ipv6 support.
>> >> 
>> >> Signed-off-by: Florian Westphal <fwestphal@astaro.com>
>> >> ---
>> >>  include/linux/netfilter/Kbuild                     |    1 +
>> >>  .../ipt_addrtype.h => netfilter/xt_addrtype.h}     |   16 +++++-----
>> >
>> >Please keep this file and the original definitions for a while
>> >(add to feature-removal-schedule) for compatibility. You can
>> >redefine them to the xt_ values/structures so they can be used
>> >inside the kernel.
>> 
>> Just like ipt_realm.h does, yeah.
>
>Sorry, redefining structures and enums is really not my cup of tea.
>
>If thats really what you would prefer (as opposed to keeping the file
>as-is) I can send a V3 patch that includes xt_addrtype.h and then
>re-defines the enums/structures with the ipt_ prefixes.
>
>But personally I would prefer to just keep it as-is and then remove it
>in a year or so.

I don't mind, t'was just a suggestion because ipt_realm happened to hit 
my eye.

Re: [PATCH 1/2] netfilter: ipt_addrtype: rename to xt_addrtype

[Patrick McHardy]

On 09.03.2011 21:21, Jan Engelhardt wrote:
> On Wednesday 2011-03-09 20:54, Florian Westphal wrote:
> 
>> Jan Engelhardt <jengelh@medozas.de> wrote:
>>> On Tuesday 2011-03-08 16:11, Patrick McHardy wrote:
>>>
>>>> Am 05.03.2011 17:08, schrieb Florian Westphal:
>>>>> From: Florian Westphal <fwestphal@astaro.com>
>>>>>
>>>>> followup patch will add ipv6 support.
>>>>>
>>>>> Signed-off-by: Florian Westphal <fwestphal@astaro.com>
>>>>> ---
>>>>>  include/linux/netfilter/Kbuild                     |    1 +
>>>>>  .../ipt_addrtype.h => netfilter/xt_addrtype.h}     |   16 +++++-----
>>>>
>>>> Please keep this file and the original definitions for a while
>>>> (add to feature-removal-schedule) for compatibility. You can
>>>> redefine them to the xt_ values/structures so they can be used
>>>> inside the kernel.
>>>
>>> Just like ipt_realm.h does, yeah.
>>
>> Sorry, redefining structures and enums is really not my cup of tea.
>>
>> If thats really what you would prefer (as opposed to keeping the file
>> as-is) I can send a V3 patch that includes xt_addrtype.h and then
>> re-defines the enums/structures with the ipt_ prefixes.
>>
>> But personally I would prefer to just keep it as-is and then remove it
>> in a year or so.
> 
> I don't mind, t'was just a suggestion because ipt_realm happened to hit 
> my eye.

I don't mind either as long as we keep the old definitions.