12 May, 2010

3 commits

• b4ba26119   netfilter: xtables: change hotdrop pointer to direct modification ... Browse Code »

  Since xt_action_param is writable, let's use it. The pointer to
  'bool hotdrop' always worried (8 bytes (64-bit) to write 1 byte!).
  Surprisingly results in a reduction in size:

  text data bss filename
  5457066 692730 357892 vmlinux.o-prev
  5456554 692730 357892 vmlinux.o

  Signed-off-by: Jan Engelhardt

  Jan Engelhardt

  2010-05-12 00:35:27 +0800  
• 62fc80510   netfilter: xtables: deconstify struct xt_action_param for matches ... Browse Code »

  In future, layer-3 matches will be an xt module of their own, and
  need to set the fragoff and thoff fields. Adding more pointers would
  needlessy increase memory requirements (esp. so for 64-bit, where
  pointers are wider).

  Signed-off-by: Jan Engelhardt

  Jan Engelhardt

  2010-05-12 00:33:37 +0800  
• 4b560b447   netfilter: xtables: substitute temporary defines by final name ... Browse Code »

  Signed-off-by: Jan Engelhardt

  Jan Engelhardt

  2010-05-12 00:31:17 +0800  

25 Mar, 2010

3 commits

• bd414ee60   netfilter: xtables: change matches to return error code ... Browse Code »

  The following semantic patch does part of the transformation:
  //
  @ rule1 @
  struct xt_match ops;
  identifier check;
  @@
  ops.checkentry = check;

  @@
  identifier rule1.check;
  @@
  check(...) { }

  @@
  identifier rule1.check;
  @@
  check(...) { }
  //

  Signed-off-by: Jan Engelhardt

  Jan Engelhardt

  2010-03-25 23:55:24 +0800  
• b0f38452f   netfilter: xtables: change xt_match.checkentry return type ... Browse Code »

  Restore function signatures from bool to int so that we can report
  memory allocation failures or similar using -ENOMEM rather than
  always having to pass -EINVAL back.

  This semantic patch may not be too precise (checking for functions
  that use xt_mtchk_param rather than functions referenced by
  xt_match.checkentry), but reviewed, it produced the intended result.

  //
  @@
  type bool;
  identifier check, par;
  @@
  -bool check
  +int check
  (struct xt_mtchk_param *par) { ... }
  //

  Signed-off-by: Jan Engelhardt

  Jan Engelhardt

  2010-03-25 23:03:13 +0800  
• ff67e4e42   netfilter: xt extensions: use pr_<level> (2) ... Browse Code »

  Supplement to 1159683ef48469de71dc26f0ee1a9c30d131cf89.

  Downgrade the log level to INFO for most checkentry messages as they
  are, IMO, just an extra information to the -EINVAL code that is
  returned as part of a parameter "constraint violation". Leave errors
  to real errors, such as being unable to create a LED trigger.

  Signed-off-by: Jan Engelhardt

  Jan Engelhardt

  2010-03-25 22:00:04 +0800  

18 Mar, 2010

1 commit

• be91fd5e3   netfilter: xtables: replace custom duprintf with pr_debug ... Browse Code »

  Signed-off-by: Jan Engelhardt

  Jan Engelhardt

  2010-03-18 21:20:07 +0800  

08 Oct, 2008

3 commits

• 9b4fce7a3   netfilter: xtables: move extension arguments into compound structure (2/6) ... Browse Code »

  This patch does this for match extensions' checkentry functions.

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy

  Jan Engelhardt

  2008-10-08 17:35:18 +0800  
• f7108a20d   netfilter: xtables: move extension arguments into compound structure (1/6) ... Browse Code »

  The function signatures for Xtables extensions have grown over time.
  It involves a lot of typing/replication, and also a bit of stack space
  even if they are not used. Realize an NFWS2008 idea and pack them into
  structs. The skb remains outside of the struct so gcc can continue to
  apply its optimizations.

  This patch does this for match extensions' match functions.

  A few ambiguities have also been addressed. The "offset" parameter for
  example has been renamed to "fragoff" (there are so many different
  offsets already) and "protoff" to "thoff" (there is more than just one
  protocol here, so clarify).

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy

  Jan Engelhardt

  2008-10-08 17:35:18 +0800  
• ee999d8b9   netfilter: x_tables: use NFPROTO_* in extensions ... Browse Code »

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy

  Jan Engelhardt

  2008-10-08 17:35:01 +0800  

14 Apr, 2008

1 commit

• 3cf93c96a   [NETFILTER]: annotate xtables targets with const and remove casts ... Browse Code »

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy

  Jan Engelhardt

  2008-04-14 15:56:05 +0800  

29 Jan, 2008

2 commits

• 2ae15b64e   [NETFILTER]: Update modules' descriptions ... Browse Code »

  Updates the MODULE_DESCRIPTION() tags for all Netfilter modules,
  actually describing what the module does and not just
  "netfilter XYZ target".

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Jan Engelhardt

  2008-01-29 07:02:26 +0800  
• d3c5ee6d5   [NETFILTER]: x_tables: consistent and unique symbol names ... Browse Code »

  Give all Netfilter modules consistent and unique symbol names.

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Jan Engelhardt

  2008-01-29 06:55:53 +0800  

11 Jul, 2007

4 commits

• 9f15c5302   [NETFILTER]: x_tables: mark matches and targets __read_mostly ... Browse Code »

  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Patrick McHardy

  2007-07-11 13:17:15 +0800  
• ccb79bdce   [NETFILTER]: x_tables: switch xt_match->checkentry to bool ... Browse Code »

  Switch the return type of match functions to boolean

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Jan Engelhardt

  2007-07-11 13:16:58 +0800  
• 1d93a9cba   [NETFILTER]: x_tables: switch xt_match->match to bool ... Browse Code »

  Switch the return type of match functions to boolean

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Jan Engelhardt

  2007-07-11 13:16:57 +0800  
• cff533ac1   [NETFILTER]: x_tables: switch hotdrop to bool ... Browse Code »

  Switch the "hotdrop" variables to boolean

  Signed-off-by: Jan Engelhardt
  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Jan Engelhardt

  2007-07-11 13:16:56 +0800  

23 Sep, 2006

2 commits

• efa741656   [NETFILTER]: x_tables: remove unused size argument to check/destroy functions ... Browse Code »

  The size is verified by x_tables and isn't needed by the modules anymore.

  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Patrick McHardy

  2006-09-23 05:55:34 +0800  
• 4470bbc74   [NETFILTER]: x_tables: make use of mass registation helpers ... Browse Code »

  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Patrick McHardy

  2006-09-23 05:55:32 +0800  

01 Apr, 2006

1 commit

• dc5ab2fae   [NETFILTER]: x_tables: unify IPv4/IPv6 esp match ... Browse Code »

  This unifies ipt_esp and ip6t_esp to xt_esp. Please note that now
  a user program needs to specify IPPROTO_ESP as protocol to use esp match
  with IPv6. This means that ip6tables requires '-p esp' like iptables.

  Signed-off-by: Yasuyuki Kozakai
  Signed-off-by: Patrick McHardy
  Signed-off-by: David S. Miller

  Yasuyuki Kozakai

  2006-04-01 18:22:30 +0800