[PATCH nf-next] netfilter: add __exit mark to helper modules

There are no __exit mark in the helper modules. because these exit functions used to be called by init function but now that is not. so we can add __exit mark. Signed-off-by: Taehee Yoo --- net/netfilter/nf_conntrack_ftp.c | 3 +-- net/netfilter/nf_conntrack_irc.c | 6 +- net/netfilter/nf_

[PATCH nf-next] netfilter: ebtables: add ebt_free_table_info function

A ebt_free_table_info frees all of chainstacks. It similar to xt_free_table_info. this inline function reduces code line. Signed-off-by: Taehee Yoo --- net/bridge/netfilter/ebtables.c | 39 +++ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/ne

[PATCH nf-next] netfilter: ebtables: remove EBT_MATCH and EBT_NOMATCH

EBT_MATCH and EBT_NOMATCH are used to change return value. match functions(ebt_xxx.c) return false when received frame is not matched and returns true when received frame is matched. but, EBT_MATCH_ITERATE understands oppositely. so, to change return value, EBT_MATCH and EBT_NOMATCH are used. but,

[PATCH nf-next] netfilter: x_tables: remove duplicate ip6t_get_target function call

In the check_target, ip6t_get_target is called twice. Signed-off-by: Taehee Yoo --- net/ipv6/netfilter/ip6_tables.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 0045087..0772f44 100644 --- a/net/ipv6/netfilter/ip6_tabl

[PATCH iptables 4/4] xtables-compat: only validate the xtables builtin tables

This allows xtables-compat to list all builtin tables unless one contains nft specific expressions. Tables that do not exist in xtables world are not printed anymore (but a small hint is shown that such non-printable table(s) exist). Signed-off-by: Florian Westphal --- iptables/nft.c | 11 +

[PATCH iptables 1/4] xtables-compat: fix snprintf truncation warnings

proto is u16 in the data structure, so this gave: nft-ipv6.c:422:44: warning: '__builtin___snprintf_chk' output may be truncated before the last format character [-Wformat-truncation=] Signed-off-by: Florian Westphal --- iptables/nft-ipv4.c | 2 +- iptables/nft-ipv6.c | 2 +- 2 files changed, 2

[PATCH iptables 2/4] xtables-compat: also validate priorities and hook points match expected values

Signed-off-by: Florian Westphal --- iptables/nft.c | 35 ++- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/iptables/nft.c b/iptables/nft.c index 91381419b9cb..a73c72bda7be 100644 --- a/iptables/nft.c +++ b/iptables/nft.c @@ -2774,22 +2774,36 @@ st

[PATCH iptables 3/4] xtables-compat: skip unsupported tables

Instead of not listing anything at all if an unknown table name exists, just skip them. Output a small comment that the listing doesn't include the (unrecognized, nft-created) tables. Next patch will restrict 'is this table printable in xtables syntax' check to the "builtin" tables. Signed-off-b

[PATCH v2] libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark

This patch adds a new feature to iptables that allow bitshifting for --restore,set and save-mark operations. This allows existing logic operators (and, or and xor) and mask to co-operate with new bitshift operations. The intention is to provide uses with more fexible uses of skb->mark and ct->mark

Re: [PATCH] libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark

diff: Fixed a small typo error in connmark_tg_parse_v2-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html

[PATCH] libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark

This patch adds a new feature to iptables that allow bitshifting for --restore,set and save-mark operations. This allows existing logic operators (and, or and xor) and mask to co-operate with new bitshift operations. The intention is to provide uses with more fexible uses of skb->mark and ct->mark