leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
49499c3e6e
linux/include/net/netfilter
History
Patrick McHardy 49499c3e6e netfilter: nf_tables: switch registers to 32 bit addressing 
Switch the nf_tables registers from 128 bit addressing to 32 bit
addressing to support so called concatenations, where multiple values
can be concatenated over multiple registers for O(1) exact matches of
multiple dimensions using sets.

The old register values are mapped to areas of 128 bits for compatibility.
When dumping register numbers, values are expressed using the old values
if they refer to the beginning of a 128 bit area for compatibility.

To support concatenations, register loads of less than a full 32 bit
value need to be padded. This mainly affects the payload and exthdr
expressions, which both unconditionally zero the last word before
copying the data.

Userspace fully passes the testsuite using both old and new register
addressing.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-04-13 17:17:29 +02:00
..
ipv4 netfilter: fix sparse warnings in reject handling 2015-03-10 15:01:32 +01:00
ipv6 netfilter: fix sparse warnings in reject handling 2015-03-10 15:01:32 +01:00
br_netfilter.h netfilter: explicit module dependency between br_netfilter and physdev 2014-10-02 18:30:57 +02:00
nf_conntrack_acct.h netfilter: introduce nf_conn_acct structure 2013-11-03 21:48:49 +01:00
nf_conntrack_core.h netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_ecache.h netfilter: conntrack: remove timer from ecache extension 2014-06-25 19:15:38 +02:00
nf_conntrack_expect.h netfilter: rename netlink related "pid" variables to "portid" 2013-04-19 14:58:36 -04:00
nf_conntrack_extend.h netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len 2014-04-03 23:52:31 +02:00
nf_conntrack_helper.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_l3proto.h netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_l4proto.h netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_conntrack_labels.h netfilter: nft_ct: labels get support 2014-02-19 11:41:25 +01:00
nf_conntrack_seqadj.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_synproxy.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-01 17:06:14 -04:00
nf_conntrack_timeout.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_timestamp.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_conntrack_tuple.h netfilter: nf_nat: export NAT definitions to userspace 2011-12-23 14:36:43 +01:00
nf_conntrack_zones.h netfilter: nf_defrag_ipv4: fix compilation error with NF_CONNTRACK=n 2010-02-18 19:04:44 +01:00
nf_conntrack.h net: Introduce possible_net_t 2015-03-12 14:39:40 -04:00
nf_log.h netfilter: restore rule tracing via nfnetlink_log 2015-03-19 11:14:48 +01:00
nf_nat_core.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_nat_helper.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_nat_l3proto.h netfilter: Pass nf_hook_state through nf_nat_ipv6_{in,out,fn,local_fn}(). 2015-04-04 12:48:08 -04:00
nf_nat_l4proto.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00
nf_nat_redirect.h netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
nf_nat.h netfilter: fix compilation of masquerading without IP_NF_TARGET_MASQUERADE 2014-09-11 17:02:45 +02:00
nf_queue.h netfilter: Use nf_hook_state in nf_queue_entry. 2015-04-04 12:25:22 -04:00
nf_tables_bridge.h netfilter: nf_tables_bridge: export nft_reject_ip*hdr_validate functions 2014-11-27 12:58:05 +01:00
nf_tables_core.h netfilter: nf_tables: add support for dynamic set updates 2015-04-08 16:58:27 +02:00
nf_tables_ipv4.h netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nf_tables_ipv6.h netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nf_tables.h netfilter: nf_tables: switch registers to 32 bit addressing 2015-04-13 17:17:29 +02:00
nfnetlink_log.h netfilter: log: netns NULL ptr bug when calling from conntrack 2013-05-15 14:11:07 +02:00
nfnetlink_queue.h netfilter: nfnetlink_queue: allow to attach expectations to conntracks 2013-08-13 16:32:10 +02:00
nft_masq.h netfilter: nf_tables: restrict nat/masq expressions to nat chain type 2014-10-13 20:42:00 +02:00
nft_meta.h netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00
nft_redir.h netfilter: nf_tables: add new expression nft_redir 2014-10-27 22:49:39 +01:00
nft_reject.h netfilter: nft_reject: introduce icmp code abstraction for inet and bridge 2014-10-02 18:29:57 +02:00
xt_rateest.h netfilter: Remove extern from function prototypes 2013-09-23 16:29:42 -04:00