03 Mar, 2016
1 commit
-
This change prepares for upcoming on-demand xtables hook registration.
We change the protoypes of the register/unregister functions.
A followup patch will then add nf_hook_register/unregister calls
to the iptables one.Once a hook is registered packets will be picked up, so all assignments
of the formnet->ipv4.iptable_$table = new_table
have to be moved to ip(6)t_register_table, else we can see NULL
net->ipv4.iptable_$table later.This patch doesn't change functionality; without this the actual change
simply gets too big.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
19 Sep, 2015
1 commit
-
The values of ops->hooknum and state->hook are guaraneted to be equal
making the hook argument to ip6t_do_table, arp_do_table, and
ipt_do_table is unnecessary. Remove the unnecessary hook argument.In the callers use state->hook instead of ops->hooknum for clarity and
to reduce the number of cachelines the callers touch.Signed-off-by: "Eric W. Biederman"
Signed-off-by: Pablo Neira Ayuso
05 Apr, 2015
1 commit
-
Signed-off-by: David S. Miller
01 Dec, 2012
1 commit
-
Conflicts:
net/ipv6/exthdrs_core.cJesse Gross says:
====================
This series of improvements for 3.8/net-next contains four components:
* Support for modifying IPv6 headers
* Support for matching and setting skb->mark for better integration with
things like iptables
* Ability to recognize the EtherType for RARP packets
* Two small performance enhancementsThe movement of ipv6_find_hdr() into exthdrs_core.c causes two small merge
conflicts. I left it as is but can do the merge if you want. The conflicts
are:
* ipv6_find_hdr() and ipv6_find_tlv() were both moved to the bottom of
exthdrs_core.c. Both should stay.
* A new use of ipv6_find_hdr() was added to net/netfilter/ipvs/ip_vs_core.c
after this patch. The IPVS user has two instances of the old constant
name IP6T_FH_F_FRAG which has been renamed to IP6_FH_F_FRAG.
====================Signed-off-by: David S. Miller
10 Nov, 2012
1 commit
-
Open vSwitch will soon also use ipv6_find_hdr() so this moves it
out of Netfilter-specific code into a more common location.Signed-off-by: Jesse Gross
17 Oct, 2012
1 commit
-
Remove non-UAPI Kbuild files that have become empty as a result of UAPI
disintegration. They used to have only header-y lines in them and those have
now moved to the Kbuild files in the corresponding uapi/ directories.Possibly these should not be removed but rather have a comment inserted to say
they are intentionally left blank. This would make it easier to add generated
header lines in future without having to restore the infrastructure.Note that at this point not all the UAPI disintegration parts have been merged,
so it is likely that more empty Kbuild files will turn up.It is probably necessary to make the files non-empty to prevent the patch
program from automatically deleting them when it reduces them to nothing.Signed-off-by: David Howells
09 Oct, 2012
1 commit
-
Signed-off-by: David Howells
Acked-by: Arnd Bergmann
Acked-by: Thomas Gleixner
Acked-by: Michael Kerrisk
Acked-by: Paul E. McKenney
Acked-by: Dave Jones
30 Aug, 2012
1 commit
-
Signed-off-by: Patrick McHardy
09 May, 2012
1 commit
-
This patch adds the flags parameter to ipv6_find_hdr. This flags
allows us to:* know if this is a fragment.
* stop at the AH header, so the information contained in that header
can be used for some specific packet handling.This patch also adds the offset parameter for inspection of one
inner IPv6 header that is contained in error messages.Signed-off-by: Hans Schillstrom
Signed-off-by: Pablo Neira Ayuso
09 Apr, 2012
1 commit
-
We may hit this in xt_LOG:
net/built-in.o:xt_LOG.c:function dump_ipv6_packet:
error: undefined reference to 'ip6t_ext_hdr'happens with these config options:
CONFIG_NETFILTER_XT_TARGET_LOG=y
CONFIG_IP6_NF_IPTABLES=mip6t_ext_hdr is fairly small and it is called in the packet path.
Make it static inline.Reported-by: Simon Kirby
Signed-off-by: Pablo Neira Ayuso
08 Mar, 2012
1 commit
-
ipt_LOG and ip6_LOG have a lot of common code, merge them
to reduce duplicate code.Signed-off-by: Richard Weinberger
Signed-off-by: Pablo Neira Ayuso
27 Aug, 2011
1 commit
-
These types are guaranteed to be defined by for
both userland and kernel, unlike u_intN_t.Signed-off-by: Ben Hutchings
Acked-by: Patrick McHardy
Signed-off-by: David S. Miller
21 Jan, 2011
1 commit
-
Resolve these warnings on `make headers_check`:
usr/include/linux/netfilter/xt_CT.h:7: found __[us]{8,16,32,64} type
without #include
...Signed-off-by: Jan Engelhardt
18 Jan, 2011
1 commit
-
Signed-off-by: Jan Engelhardt
14 Oct, 2010
5 commits
-
Signed-off-by: Jan Engelhardt
-
Unification of struct *_error_target was forgotten in
v2.6.16-1689-g1e30a01.Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
-
Many of the used macros are just there for userspace compatibility.
Substitute the in-kernel code to directly use the terminal macro
and stuff the defines into #ifndef __KERNEL__ sections.Signed-off-by: Jan Engelhardt
15 Aug, 2010
1 commit
-
unifdef-y and header-y has same semantic.
So there is no need to have both.Drop the unifdef-y variant and sort all lines again
Signed-off-by: Sam Ravnborg
28 Jun, 2010
1 commit
-
The LOG targets print the entire MAC header as one long string, which is not
readable very well:IN=eth0 OUT= MAC=00:15:f2:24:91:f8:00:1b:24:dc:61:e6:08:00 ...
Add an option to decode known header formats (currently just ARPHRD_ETHER devices)
in their individual fields:IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=0800 ...
IN=eth0 OUT= MACSRC=00:1b:24:dc:61:e6 MACDST=00:15:f2:24:91:f8 MACPROTO=86dd ...The option needs to be explicitly enabled by userspace to avoid breaking
existing parsers.Signed-off-by: Patrick McHardy
08 Mar, 2010
1 commit
-
Commit f2ffd9ee... ("[NETFILTER]: Move ip6_masked_addrcmp to
include/net/ipv6.h") replaced ip6_masked_addrcmp() with
ipv6_masked_addr_cmp(). Function definition went away.Let's remove its declaration as well in header file.
Signed-off-by: YOSHIFUJI Hideaki
Signed-off-by: Patrick McHardy
25 Feb, 2010
2 commits
-
The macro is replaced by a list.h-like foreach loop. This makes
the code more inspectable.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
The macro is replaced by a list.h-like foreach loop. This makes
the code much more inspectable.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
11 Feb, 2010
1 commit
-
The static initial tables are pretty large, and after the net
namespace has been instantiated, they just hang around for nothing.
This commit removes them and creates tables on-demand at runtime when
needed.Size shrinks by 7735 bytes (x86_64).
Signed-off-by: Jan Engelhardt
18 Jan, 2010
1 commit
-
Add ->net to match destructor list like ->net in constructor list.
Make sure it's set in ebtables/iptables/ip6tables, this requires to
propagate netns up to *_unregister_table().Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
05 Nov, 2009
1 commit
-
This cleanup patch puts struct/union/enum opening braces,
in first line to ease grep games.struct something
{becomes :
struct something {
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
24 Aug, 2009
1 commit
-
The inputted table is never modified, so should be considered const.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
10 Aug, 2009
2 commits
-
When IPv4 and IPv6 matches were unified approx. 3.5 years ago, they
received new header filenames (e.g. xt_CLASSIFY.h). Let's remove the
old ones now.Signed-off-by: Jan Engelhardt
-
Superseded by xt_owner v1 (v2.6.24-2388-g0265ab4).
Signed-off-by: Jan Engelhardt
27 Mar, 2009
2 commits
-
…el/git/tip/linux-2.6-tip
* 'header-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (50 commits)
x86: headers cleanup - setup.h
emu101k1.h: fix duplicate include of <linux/types.h>
compiler-gcc4: conditionalize #error on __KERNEL__
remove __KERNEL_STRICT_NAMES
make netfilter use strict integer types
make drm headers use strict integer types
make MTD headers use strict integer types
make most exported headers use strict integer types
make exported headers use strict posix types
unconditionally include asm/types.h from linux/types.h
make linux/types.h as assembly safe
Neither asm/types.h nor linux/types.h is required for arch/ia64/include/asm/fpu.h
headers_check fix cleanup: linux/reiserfs_fs.h
headers_check fix cleanup: linux/nubus.h
headers_check fix cleanup: linux/coda_psdev.h
headers_check fix: x86, setup.h
headers_check fix: x86, prctl.h
headers_check fix: linux/reinserfs_fs.h
headers_check fix: linux/socket.h
headers_check fix: linux/nubus.h
...Manually fix trivial conflicts in:
include/linux/netfilter/xt_limit.h
include/linux/netfilter/xt_statistic.h -
A number of standard posix types are used in exported headers, which
is not allowed if __STRICT_KERNEL_NAMES is defined. In order to
get rid of the non-__STRICT_KERNEL_NAMES part and to make sane headers
the default, we have to change them all to safe types.There are also still some leftovers in reiserfs_fs.h, elfcore.h
and coda.h, but these files have not compiled in user space for
a long time.This leaves out the various integer types ({u_,u,}int{8,16,32,64}_t),
which we take care of separately.Signed-off-by: Arnd Bergmann
Acked-by: Mauro Carvalho Chehab
Cc: David Airlie
Cc: Arnaldo Carvalho de Melo
Cc: YOSHIFUJI Hideaki
Cc: netdev@vger.kernel.org
Cc: linux-ppp@vger.kernel.org
Cc: Jaroslav Kysela
Cc: Takashi Iwai
Cc: David Woodhouse
Signed-off-by: H. Peter Anvin
Signed-off-by: Ingo Molnar
24 Feb, 2009
1 commit
-
iptables imports headers from (the unifdefed headers of a)
kernel tree, but some headers happened to not be installed.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
20 Nov, 2008
1 commit
-
It seems that all of the include/netfilter_{ipv4,ipv6}/{ipt,ip6t}_*.h which
share constants include the corresponding include/netfilter/xp_*.h files.
Neither ipt_policy.h not ip6t_policy.h do. Make these consistant with
the norm.Signed-off-by: Andy Whitcroft
Signed-off-by: Patrick McHardy
22 May, 2008
1 commit
-
Greg Steuck points out that some of the netfilter
headers can't be used in userspace without including linux/types.h
first. The headers include their own linux/types.h include statements,
these are stripped by make headers-install because they are inside
#ifdef __KERNEL__ however. Move them out to fix this.Reported and Tested by Greg Steuck.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
01 Feb, 2008
2 commits
-
* Propagate netns from userspace down to xt_find_table_lock()
* Register ip6 tables in netns (modules still use init_net)Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Typical table module registers xt_table structure (i.e. packet_filter)
and link it to list during it. We can't use one template for it because
corresponding list_head will become corrupted. We also can't unregister
with template because it wasn't changed at all and thus doesn't know in
which list it is.So, we duplicate template at the very first step of table registration.
Table modules will save it for use during unregistration time and actual
filtering.Do it at once to not screw bisection.
P.S.: renaming i.e. packet_filter => __packet_filter is temporary until
full netnsization of table modules is done.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
3 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller