From: Jan Engelhardt <jengelh@medozas.de>
To: netfilter-devel@vger.kernel.org
Cc: pablo@netfilter.org
Subject: [PATCH 1/7] netfilter: xtables2: initial table skeletal functions
Date: Thu, 19 Jan 2012 17:26:15 +0100	[thread overview]
Message-ID: <1326990381-14534-2-git-send-email-jengelh@medozas.de> (raw)
In-Reply-To: <1326990381-14534-1-git-send-email-jengelh@medozas.de>

This patch adds the xt2 table functions. It does not do anything
useful yet; chain and rule support follow directly.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
 include/net/netfilter/x_tables2.h |   17 +++++++
 net/netfilter/Kconfig             |    8 +++-
 net/netfilter/Makefile            |    1 +
 net/netfilter/xt2_core.c          |   85 +++++++++++++++++++++++++++++++++++++
 4 files changed, 110 insertions(+), 1 deletions(-)
 create mode 100644 include/net/netfilter/x_tables2.h
 create mode 100644 net/netfilter/xt2_core.c

diff --git a/include/net/netfilter/x_tables2.h b/include/net/netfilter/x_tables2.h
new file mode 100644
index 0000000..a219952
--- /dev/null
+++ b/include/net/netfilter/x_tables2.h
@@ -0,0 +1,17 @@
+#ifndef _NET_NETFILTER_XTABLES2_H
+#define _NET_NETFILTER_XTABLES2_H 1
+
+#define XTABLES2_VTAG "Xtables2 A8"
+
+/**
+ * @master:	the master table
+ */
+struct xt2_pernet_data {
+	struct xt2_table __rcu *master;
+};
+
+struct xt2_table {
+	int _dummy;
+};
+
+#endif /* _NET_NETFILTER_XTABLES2_H */
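Review bot: The comment above `struct xt2_pernet_data` opens with `/**` but has no summary line, so kernel-doc will not parse it; add ` * struct xt2_pernet_data - per-network-namespace Xtables2 state` as its first line. The header also uses `__rcu` without including anything itself, so it compiles only when the including file has already pulled in the annotation. An explicit `#include <linux/rcupdate.h>` would make it self-contained and signal that `master` is meant to be accessed through the RCU helpers.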
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 32bff6d..5b3d9ca 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -321,7 +321,13 @@ config NETFILTER_XTABLES
 	  This is required if you intend to use any of ip_tables,
 	  ip6_tables or arp_tables.
 
-if NETFILTER_XTABLES
+config NETFILTER_XTABLES2
+	tristate "Netfilter Xtables2 packet filtering"
+	---help---
+	Xtables2 is a rework of the internal architecture of Xtables.
+	It supersedes iptables, ip6tables, arptables and ebtables.
+
+if NETFILTER_XTABLES || NETFILTER_XTABLES2
 
 comment "Xtables combined modules"
 
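Review bot: Widening the guard to `if NETFILTER_XTABLES || NETFILTER_XTABLES2` makes every option inside the block selectable with only Xtables2 enabled, while the Makefile in this patch still builds `x_tables.o` solely under `CONFIG_NETFILTER_XTABLES`. If the existing xt_* modules need symbols from `x_tables.o` (likely, but not visible here), an Xtables2-only configuration would fail to link or load; keeping the old guard until the modules are ported, or adding `select NETFILTER_XTABLES` to the new entry, avoids that. The help text also says Xtables2 supersedes iptables, ip6tables, arptables and ebtables, whereas the commit message says the code does nothing useful yet. A line such as `Say N unless you are developing Xtables2.` would keep administrators from enabling it in place of a working packet filter.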
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 1a02853..8504ebd 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -42,6 +42,7 @@ obj-$(CONFIG_NETFILTER_TPROXY) += nf_tproxy_core.o
 
 # generic X tables 
 obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
+obj-$(CONFIG_NETFILTER_XTABLES2) += xt2_core.o
 
 # combos
 obj-$(CONFIG_NETFILTER_XT_MARK) += xt_mark.o
diff --git a/net/netfilter/xt2_core.c b/net/netfilter/xt2_core.c
new file mode 100644
index 0000000..ab73c4d
--- /dev/null
+++ b/net/netfilter/xt2_core.c
@@ -0,0 +1,85 @@
+/*
+ *	Xtables2 core
+ *	Copyright © Jan Engelhardt, 2009-2012
+ *
+ *	This program is free software: you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation, either version 2 of the License, or
+ *	(at your option) any later version.
+ */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <linux/err.h>
+#include <linux/module.h>
+#include <linux/mutex.h>
+#include <linux/slab.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
+#include <net/netfilter/x_tables2.h>
+
+MODULE_DESCRIPTION("Netfilter Xtables2 packet filtering");
+MODULE_AUTHOR("Jan Engelhardt");
+MODULE_LICENSE("GPL");
+
+static int xtables2_net_id __read_mostly;
+
+static inline struct xt2_pernet_data *xtables2_pernet(struct net *net)
+{
+	return net_generic(net, xtables2_net_id);
+}
+
+/**
+ * Create a new table with no chains and no rules.
+ */
+static struct xt2_table *xt2_table_new(void)
+{
+	struct xt2_table *table;
+
+	table = kzalloc(sizeof(*table), GFP_KERNEL);
+	if (table == NULL)
+		return NULL;
+
+	return table;
+}
+
+static void xt2_table_free(struct xt2_table *table)
+{
+	kfree(table);
+}
+
+static int __net_init xtables2_net_init(struct net *net)
+{
+	struct xt2_pernet_data *pnet = xtables2_pernet(net);
+
+	pnet->master = xt2_table_new();
+	if (IS_ERR(pnet->master))
+		return PTR_ERR(pnet->master);
+	return 0;
+}
+
+static void __net_exit xtables2_net_exit(struct net *net)
+{
+	struct xt2_pernet_data *pnet = xtables2_pernet(net);
+
+	xt2_table_free(pnet->master);
+}
+
+static struct pernet_operations xtables2_pernet_ops = {
+	.init = xtables2_net_init,
+	.exit = xtables2_net_exit,
+	.id   = &xtables2_net_id,
+	.size = sizeof(struct xt2_pernet_data),
+};
+
+static int __init xtables2_init(void)
+{
+	pr_info(XTABLES2_VTAG ", (C) 2009-2012, J.Engelhardt\n");
+	return register_pernet_subsys(&xtables2_pernet_ops);
+}
+
+static void __exit xtables2_exit(void)
+{
+	unregister_pernet_subsys(&xtables2_pernet_ops);
+}
+
+module_init(xtables2_init);
+module_exit(xtables2_exit);
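Review bot: The `IS_ERR(pnet->master)` check in `xtables2_net_init` can never fire, because `xt2_table_new()` reports allocation failure as NULL and `IS_ERR(NULL)` is false. A namespace created under memory pressure would therefore come up "successfully" with `master == NULL`, and any later code that dereferences it without a check would oops. `master` is also declared `__rcu` in the header but is assigned and read here as a plain pointer, which sparse will flag; publish it with `rcu_assign_pointer()` and read it in `xtables2_net_exit` through an RCU accessor. Once later patches add readers, the free there will need to wait for a grace period. `<linux/mutex.h>` is included but nothing in this file uses it.

```c
static int __net_init xtables2_net_init(struct net *net)
{
	struct xt2_pernet_data *pnet = xtables2_pernet(net);
	struct xt2_table *table = xt2_table_new();

	/* xt2_table_new() signals failure with NULL, not ERR_PTR() */
	if (table == NULL)
		return -ENOMEM;
	rcu_assign_pointer(pnet->master, table);
	return 0;
}
```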
-- 
1.7.7
