From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next,v2 0/7] handle NFPROTO_INET from core
Date: Sun, 10 Dec 2017 21:34:48 +0100 [thread overview]
Message-ID: <20171210203455.11651-1-pablo@netfilter.org> (raw)
NFPROTO_INET only works for nf_tables, handle this pseudofamily from
the core itself by expanding one NFPROTO_INET hook in two hook
registrations, one for NFPROTO_IPV4 and another for NFPROTO_IPV6.
This removes quite a bit of ad-hoc infrastructure in nf_tables, so it
makes it less complex.
There's a final patch that also removes the family-specific hooks for
filter chains, now all hooks are already define in the chain type.
Pablo Neira Ayuso (7):
netfilter: core: add nf_remove_net_hook
netfilter: core: pass hook number, family and device to nf_find_hook_list()
netfilter: core: pass family as parameter to nf_remove_net_hook()
netfilter: core: support for NFPROTO_INET hook registration
netfilter: nf_tables_inet: don't use multihook infrastructure anymore
netfilter: nf_tables: remove multihook chains and families
netfilter: nf_tables: remove hooks from family definition
include/net/netfilter/nf_tables.h | 13 +---
include/net/netfilter/nf_tables_ipv4.h | 2 -
include/net/netfilter/nf_tables_ipv6.h | 2 -
net/bridge/netfilter/nf_tables_bridge.c | 15 +++--
net/ipv4/netfilter/nf_tables_arp.c | 9 ++-
net/ipv4/netfilter/nf_tables_ipv4.c | 18 +++---
net/ipv6/netfilter/nf_tables_ipv6.c | 18 +++---
net/netfilter/core.c | 97 ++++++++++++++++++++----------
net/netfilter/nf_tables_api.c | 102 +++++++++++++-------------------
net/netfilter/nf_tables_inet.c | 69 +++++++++++++++++----
net/netfilter/nf_tables_netdev.c | 9 ++-
net/netfilter/nft_compat.c | 8 +--
12 files changed, 202 insertions(+), 160 deletions(-)
--
2.11.0
next reply other threads:[~2017-12-10 20:35 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-10 20:34 Pablo Neira Ayuso [this message]
2017-12-10 20:34 ` [PATCH nf-next,v2 1/7] netfilter: core: add nf_remove_net_hook Pablo Neira Ayuso
2017-12-10 20:34 ` [PATCH nf-next,v2 2/7] netfilter: core: pass hook number, family and device to nf_find_hook_list() Pablo Neira Ayuso
2017-12-10 20:34 ` [PATCH nf-next,v2 3/7] netfilter: core: pass family as parameter to nf_remove_net_hook() Pablo Neira Ayuso
2017-12-10 20:34 ` [PATCH nf-next,v2 4/7] netfilter: core: support for NFPROTO_INET hook registration Pablo Neira Ayuso
2017-12-10 20:34 ` [PATCH nf-next,v2 5/7] netfilter: nf_tables_inet: don't use multihook infrastructure anymore Pablo Neira Ayuso
2017-12-10 20:34 ` [PATCH nf-next,v2 6/7] netfilter: nf_tables: remove multihook chains and families Pablo Neira Ayuso
2017-12-10 20:34 ` [PATCH nf-next,v2 7/7] netfilter: nf_tables: remove hooks from family definition Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171210203455.11651-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).