Xtables2 status for Nov 15 (RFC)
This is the second set of patches in the list that makes up Xtables2 so far
that I would like to elicit comments for.
(The parent thread is at
http://www.spinics.net/lists/netfilter-devel/msg23925.html )

"highlights":

* Atomic replace of a contiguous set of rules within a chain.
  This is actually a side-effect of chain packing.
* Arbitrary chains can become base chains (the magic INPUT, OUTPUT, etc.).
  [Inspired by Patrick's original nftables. No credit for me there.], but:
* Table replace remains fully atomic during the nf_hook
  deregister-register cycle. (NB: Chain-level replacements do not
  require a hook change.)

== userspace library and test utilities ==
Updated and available as before in
git://git.inai.de/libnetfilter_xtables
== kernel side ==
The following changes since commit e41d937ea3b35cca3f636861e520bc9f51dbc720:
netfilter: xtables2: table dump support (2012-11-15 23:22:21 +0100)
are available in the git repository at:
git://git.inai.de/linux xt2-20121115-2315
for you to fetch changes up to adef2d8b21ac2cab08948e252d71620d02525ec0:
netfilter: xtables2: support nomination for chains (2012-11-15 23:26:28 +0100)
----------------------------------------------------------------
netfilter: xtables2: prepare for addition of more transaction b~~
netfilter: xtables2: implement the splice buffer
netfilter: xtables2: skeleton for single rules and rule buffer
netfilter: xtables2: core part for splice operation
netfilter: xtables2: netlink part for splice operation
netfilter: xtables2: rule entry handler
netfilter: xtables2: rule dumping
netfilter: add a private member to nf_hook_ops
netfilter: make nf_hook_ops.priv available to hooks
netfilter: xtables2: base chain functionality
netfilter: xtables2: support nomination for chains
include/linux/netfilter.h | 20 +-
include/net/netfilter/xt_core.h | 75 +++
include/uapi/linux/netfilter/nfnetlink_xtables.h | 24 +-
net/bridge/br_netfilter.c | 60 +--
net/bridge/netfilter/ebtable_filter.c | 16 +-
net/bridge/netfilter/ebtable_nat.c | 16 +-
net/decnet/netfilter/dn_rtmsg.c | 9 +-
net/ipv4/netfilter/arptable_filter.c | 5 +-
net/ipv4/netfilter/ipt_CLUSTERIP.c | 6 +-
net/ipv4/netfilter/iptable_filter.c | 7 +-
net/ipv4/netfilter/iptable_mangle.c | 16 +-
net/ipv4/netfilter/iptable_nat.c | 38 +-
net/ipv4/netfilter/iptable_raw.c | 6 +-
net/ipv4/netfilter/iptable_security.c | 7 +-
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 42 +-
net/ipv4/netfilter/nf_defrag_ipv4.c | 14 +-
net/ipv6/netfilter/ip6table_filter.c | 5 +-
net/ipv6/netfilter/ip6table_mangle.c | 10 +-
net/ipv6/netfilter/ip6table_nat.c | 39 +-
net/ipv6/netfilter/ip6table_raw.c | 5 +-
net/ipv6/netfilter/ip6table_security.c | 5 +-
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 44 +-
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 13 +-
net/netfilter/core.c | 2 +-
net/netfilter/ipvs/ip_vs_core.c | 40 +-
net/netfilter/xt_core.c | 539 +++++++++++++++++++++-
net/netfilter/xt_nfnetlink.c | 377 ++++++++++++++-
security/selinux/hooks.c | 47 +-
28 files changed, 1226 insertions(+), 261 deletions(-)
Ohloh Line Count Summary
Language Files Code Comment Comment % Blank Total
---------------- ----- --------- --------- --------- --------- ---------
c 7 1775 634 26.3% 274 2683