|
|
|
Xtables2 status for Dec 04 | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
|
(Previous sets: http://www.spinics.net/lists/netfilter-devel/msg24117.html
http://www.spinics.net/lists/netfilter-devel/msg23925.html , which have
been amended lightly to address bugs and cosmetics.)
This is the third set of patches in Xtables2, in particular,
extension load/unload and execution logic for matches, targets
and verdicts. So, a "yay" is in order.
Mandatory URLs.
kernel part: git://git.inai.de/linux xt2-20121204-0135
user part: git://git.inai.de/libnetfilter_xtables master
Some xt extensions are directly usable. The table-replace test program
will use xt_MARK and xt_comment:
cd libnetfilter_xtables/src/
# this adds some rules with (m)atches, (t)argets, (v)erdicts
# all with a he(x)dump
./xtnl-test table-replace -Pmtvx
ip6tables -A INPUT -m mark --mark 0x66666666
iptables -A INPUT -m mark --mark 0x44444444
Watch counters with `ip6tables -nvL` (or ipv4). As you will notice,
xt1 can run as a sibling to xt2.
The Xtables2 high-level documentation that currently contains the
section Architectural Differences, was updated:
http://inai.de/documents/Xtables2_Userdoc.pdf (or .txt, .lyx)
== git canned text: ==
The following changes since commit 026b9cc06de11b5f14509d6f64863c413bf3a42b:
netfilter: xtables2: support nomination for chains (2012-12-03 04:09:41 +0100)
are available in the git repository at:
git://git.inai.de/linux
for you to fetch changes up to bc6b85e5300c13a9296837af1092d9febc78eb80:
netfilter: xtables2: execute targets in live rule traversal (2012-12-04 01:33:06 +0100)
----------------------------------------------------------------
Jan Engelhardt (8):
netfilter: xtables2: support for entering/dumping rule verdicts
netfilter: xtables2: execute verdicts in live rule traversal
netfilter: xtables2: store netns in table and rule blob
netfilter: xtables2: iterator for obtain/drop references to actions
netfilter: xtables2: support for entering/dumping match actions
netfilter: xtables2: execute matches in live rule traversal
netfilter: xtables2: support for entering/dumping target actions
netfilter: xtables2: execute targets in live rule traversal
include/net/netfilter/xt_core.h | 89 +++++
include/uapi/linux/netfilter/nfnetlink_xtables.h | 21 ++
net/netfilter/xt_core.c | 426 ++++++++++++++++++++--
net/netfilter/xt_nfnetlink.c | 155 ++++++++
4 files changed, 668 insertions(+), 23 deletions(-)
Ohloh Line Count Summary [all ~30 commits]
Language Files Code Comment Comment % Blank Total
-------- ----- --------- --------- --------- --------- ---------
c 4 1885 639 25.3% 259 2783
cpp 1 157 76 32.6% 22 255
-------- ----- --------- --------- --------- --------- ---------
Total 5 2042 715 25.9% 281 3038
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Netfitler Users] [LARTC] [Bugtraq] [Yosemite Forum] [Photo]