12 May, 2010
2 commits
-
In future, layer-3 matches will be an xt module of their own, and
need to set the fragoff and thoff fields. Adding more pointers would
needlessy increase memory requirements (esp. so for 64-bit, where
pointers are wider).Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
25 Mar, 2010
5 commits
-
The return value of nf_ct_l3proto_get can directly be returned even in
the case of success.Signed-off-by: Jan Engelhardt
-
When extended status codes are available, such as ENOMEM on failed
allocations, or subsequent functions (e.g. nf_ct_get_l3proto), passing
them up to userspace seems like a good idea compared to just always
EINVAL.Signed-off-by: Jan Engelhardt
-
The following semantic patch does part of the transformation:
//
@ rule1 @
struct xt_match ops;
identifier check;
@@
ops.checkentry = check;@@
identifier rule1.check;
@@
check(...) { }@@
identifier rule1.check;
@@
check(...) { }
//Signed-off-by: Jan Engelhardt
-
Restore function signatures from bool to int so that we can report
memory allocation failures or similar using -ENOMEM rather than
always having to pass -EINVAL back.//
@@
type bool;
identifier check, par;
@@
-bool check
+int check
(struct xt_tgchk_param *par) { ... }
//Minus the change it does to xt_ct_find_proto.
Signed-off-by: Jan Engelhardt
-
Restore function signatures from bool to int so that we can report
memory allocation failures or similar using -ENOMEM rather than
always having to pass -EINVAL back.This semantic patch may not be too precise (checking for functions
that use xt_mtchk_param rather than functions referenced by
xt_match.checkentry), but reviewed, it produced the intended result.//
@@
type bool;
identifier check, par;
@@
-bool check
+int check
(struct xt_mtchk_param *par) { ... }
//Signed-off-by: Jan Engelhardt
18 Mar, 2010
1 commit
-
Signed-off-by: Jan Engelhardt
17 Mar, 2010
2 commits
-
Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
10 Aug, 2009
1 commit
-
Superseded by xt_connmark v1 (v2.6.24-2919-g96e3227).
Signed-off-by: Jan Engelhardt
08 Oct, 2008
5 commits
-
Using ->family in struct xt_*_param, multiple struct xt_{match,target}
can be squashed together.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
This patch does this for match extensions' destroy functions.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
This patch does this for match extensions' checkentry functions.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
The function signatures for Xtables extensions have grown over time.
It involves a lot of typing/replication, and also a bit of stack space
even if they are not used. Realize an NFWS2008 idea and pack them into
structs. The skb remains outside of the struct so gcc can continue to
apply its optimizations.This patch does this for match extensions' match functions.
A few ambiguities have also been addressed. The "offset" parameter for
example has been renamed to "fragoff" (there are so many different
offsets already) and "protoff" to "thoff" (there is more than just one
protocol here, so clarify).Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
29 Jan, 2008
5 commits
-
Updates the MODULE_DESCRIPTION() tags for all Netfilter modules,
actually describing what the module does and not just
"netfilter XYZ target".Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Introduces the xt_connmark match revision 1. It uses fixed types,
eventually obsoleting revision 0 some day (uses nonfixed types).
(Unfixed types like "unsigned long" do not play well with mixed
user-/kernelspace "bitness", e.g. 32/64, as is common on SPARC64,
and need extra compat code.)Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Use %u format specifiers as ->family is unsigned.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Give all Netfilter modules consistent and unique symbol names.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
20 Oct, 2007
1 commit
-
Fix the various misspellings of "system", controller", "interrupt" and
"[un]necessary".Signed-off-by: Robert P. J. Day
Signed-off-by: Adrian Bunk
12 Oct, 2007
1 commit
-
The patch will add MODULE_ALIAS("ip6t_") where missing,
otherwise you will getip6tables: No chain/target/match by that name
when xt_ is not already loaded.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
11 Jul, 2007
6 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Removes redundant parentheses and braces (And add one pair in a
xt_tcpudp.c macro).Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Make a number of variables const and/or remove unneeded casts.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Switch the return type of match functions to boolean
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Switch the "hotdrop" variables to boolean
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
26 Apr, 2007
1 commit
-
Remove the obsolete IPv4 only connection tracking/NAT as scheduled in
feature-removal-schedule.Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
14 Dec, 2006
1 commit
-
To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
functions. As a result we can remove '#ifdef' surrounds and direct call of
need_conntrack().Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
16 Oct, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
23 Sep, 2006
3 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
The size is verified by x_tables and isn't needed by the modules anymore.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
18 Jun, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Mar, 2006
1 commit
-
Every netfilter module uses `init' for its module_init() function and
`fini' or `cleanup' for its module_exit() function.Problem is, this creates uninformative initcall_debug output and makes
ctags rather useless.So go through and rename them all to $(filename)_init and
$(filename)_fini.Signed-off-by: Andrew Morton
Signed-off-by: David S. Miller
23 Mar, 2006
2 commits
-
x_tables matches and targets that require nf_conntrack_ipv[4|6] to work
don't have enough information to load on demand these modules. This
patch introduces the following changes to solve this issue:o nf_ct_l3proto_try_module_get: try to load the layer 3 connection
tracker module and increases the refcount.
o nf_ct_l3proto_module put: drop the refcount of the module.Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Set the family field in xt_[matches|targets] registered.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
21 Mar, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller