03 Mar, 2016
1 commit
-
This change prepares for upcoming on-demand xtables hook registration.
We change the protoypes of the register/unregister functions.
A followup patch will then add nf_hook_register/unregister calls
to the iptables one.Once a hook is registered packets will be picked up, so all assignments
of the formnet->ipv4.iptable_$table = new_table
have to be moved to ip(6)t_register_table, else we can see NULL
net->ipv4.iptable_$table later.This patch doesn't change functionality; without this the actual change
simply gets too big.Signed-off-by: Florian Westphal
Signed-off-by: Pablo Neira Ayuso
19 Sep, 2015
1 commit
-
The values of ops->hooknum and state->hook are guaraneted to be equal
making the hook argument to ip6t_do_table, arp_do_table, and
ipt_do_table is unnecessary. Remove the unnecessary hook argument.In the callers use state->hook instead of ops->hooknum for clarity and
to reduce the number of cachelines the callers touch.Signed-off-by: "Eric W. Biederman"
Signed-off-by: Pablo Neira Ayuso
05 Apr, 2015
1 commit
-
Signed-off-by: David S. Miller
17 Oct, 2012
1 commit
-
Remove non-UAPI Kbuild files that have become empty as a result of UAPI
disintegration. They used to have only header-y lines in them and those have
now moved to the Kbuild files in the corresponding uapi/ directories.Possibly these should not be removed but rather have a comment inserted to say
they are intentionally left blank. This would make it easier to add generated
header lines in future without having to restore the infrastructure.Note that at this point not all the UAPI disintegration parts have been merged,
so it is likely that more empty Kbuild files will turn up.It is probably necessary to make the files non-empty to prevent the patch
program from automatically deleting them when it reduces them to nothing.Signed-off-by: David Howells
09 Oct, 2012
1 commit
-
Signed-off-by: David Howells
Acked-by: Arnd Bergmann
Acked-by: Thomas Gleixner
Acked-by: Michael Kerrisk
Acked-by: Paul E. McKenney
Acked-by: Dave Jones
27 Aug, 2011
1 commit
-
These types are guaranteed to be defined by for
both userland and kernel, unlike u_intN_t.Signed-off-by: Ben Hutchings
Acked-by: Patrick McHardy
Signed-off-by: David S. Miller
14 Oct, 2010
5 commits
-
Signed-off-by: Jan Engelhardt
-
Unification of struct *_error_target was forgotten in
v2.6.16-1689-g1e30a01.Signed-off-by: Jan Engelhardt
-
Signed-off-by: Jan Engelhardt
-
Many of the used macros are just there for userspace compatibility.
Substitute the in-kernel code to directly use the terminal macro
and stuff the defines into #ifndef __KERNEL__ sections.Signed-off-by: Jan Engelhardt
15 Aug, 2010
1 commit
-
unifdef-y and header-y has same semantic.
So there is no need to have both.Drop the unifdef-y variant and sort all lines again
Signed-off-by: Sam Ravnborg
25 Feb, 2010
1 commit
-
The macro is replaced by a list.h-like foreach loop. This makes
the code much more inspectable.Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
11 Feb, 2010
1 commit
-
The static initial tables are pretty large, and after the net
namespace has been instantiated, they just hang around for nothing.
This commit removes them and creates tables on-demand at runtime when
needed.Size shrinks by 7735 bytes (x86_64).
Signed-off-by: Jan Engelhardt
05 Nov, 2009
1 commit
-
This cleanup patch puts struct/union/enum opening braces,
in first line to ease grep games.struct something
{becomes :
struct something {
Signed-off-by: Eric Dumazet
Signed-off-by: David S. Miller
24 Aug, 2009
1 commit
-
The inputted table is never modified, so should be considered const.
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
22 May, 2008
1 commit
-
Greg Steuck points out that some of the netfilter
headers can't be used in userspace without including linux/types.h
first. The headers include their own linux/types.h include statements,
these are stripped by make headers-install because they are inside
#ifdef __KERNEL__ however. Move them out to fix this.Reported and Tested by Greg Steuck.
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
14 Apr, 2008
3 commits
-
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy -
Signed-off-by: Jan Engelhardt
Signed-off-by: Patrick McHardy
01 Feb, 2008
2 commits
-
* Propagate netns from userspace.
* arpt_register_table() registers table in supplied netns.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Typical table module registers xt_table structure (i.e. packet_filter)
and link it to list during it. We can't use one template for it because
corresponding list_head will become corrupted. We also can't unregister
with template because it wasn't changed at all and thus doesn't know in
which list it is.So, we duplicate template at the very first step of table registration.
Table modules will save it for use during unregistration time and actual
filtering.Do it at once to not screw bisection.
P.S.: renaming i.e. packet_filter => __packet_filter is temporary until
full netnsization of table modules is done.Signed-off-by: Alexey Dobriyan
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Jan, 2008
3 commits
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
16 Oct, 2007
1 commit
-
With all the users of the double pointers removed, this patch mops up by
finally replacing all occurances of sk_buff ** in the netfilter API by
sk_buff *.Signed-off-by: Herbert Xu
Signed-off-by: David S. Miller
11 May, 2007
1 commit
-
- move arp_tables initial table structure definitions to arp_tables.h
similar to ip_tables and ip6_tables- use C99 initializers
- use initializer macros where possible
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
10 Jan, 2007
1 commit
-
The included patch translates arpt_counters to xt_counters, making
userspace arptables compile against recent kernels.Signed-off-by: Bart De Schuymer
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
16 Nov, 2006
1 commit
-
66 and 67 for getsockopt on IPv6 socket is doubly used for IPv6 Advanced
API and ip6tables. This moves numbers for ip6tables to 68 and 69.
This also kills XT_SO_* because {ip,ip6,arp}_tables doesn't have so much
common numbers now.The old userland tools keep to behave as ever, because old kernel always
calls functions of IPv6 Advanced API for their numbers.Signed-off-by: Yasuyuki Kozakai
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
29 Sep, 2006
1 commit
-
Signed-off-by: Al Viro
Signed-off-by: David S. Miller
23 Sep, 2006
1 commit
-
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
19 Sep, 2006
1 commit
-
Signed-off-by: David Woodhouse
18 Jun, 2006
1 commit
-
This adds the Kbuild files listing the files which are to be installed by
the 'headers_install' make target, in generic directories.Signed-off-by: David Woodhouse
23 Mar, 2006
2 commits
-
This patch moves {ip,ip6,arp}t_entry_{match,target} definitions to
x_tables.h. This move simplifies code and future compatibility fixes.Signed-off-by: Dmitry Mishin
Acked-off-by: Kirill Korotaev
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller -
Set the family field in xt_[matches|targets] registered.
Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Patrick McHardy
Signed-off-by: David S. Miller
13 Jan, 2006
1 commit
-
This monster-patch tries to do the best job for unifying the data
structures and backend interfaces for the three evil clones ip_tables,
ip6_tables and arp_tables. In an ideal world we would never have
allowed this kind of copy+paste programming... but well, our world
isn't (yet?) ideal.o introduce a new x_tables module
o {ip,arp,ip6}_tables depend on this x_tables module
o registration functions for tables, matches and targets are only
wrappers around x_tables provided functions
o all matches/targets that are used from ip_tables and ip6_tables
are now implemented as xt_FOOBAR.c files and provide module aliases
to ipt_FOOBAR and ip6t_FOOBAR
o header files for xt_matches are in include/linux/netfilter/,
include/linux/netfilter_{ipv4,ipv6} contains compatibility wrappers
around the xt_FOOBAR.h headersBased on this patchset we're going to further unify the code,
gradually getting rid of all the layer 3 specific assumptions.Signed-off-by: Harald Welte
Signed-off-by: David S. Miller
01 Nov, 2005
1 commit
-
Like ip_tables already has it for some time, this adds support for
having multiple revisions for each match/target. We steal one byte from
the name in order to accomodate a 8 bit version number.Signed-off-by: Harald Welte
Signed-off-by: Arnaldo Carvalho de Melo
17 Apr, 2005
1 commit
-
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.Let it rip!
