| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch adds support to auto-generate BSF code for IPv6. It
requires a Linux kernel >= 2.6.29. The maximum number of addresses
is limited to 20 (12 BSF lines per IPv6 address comparison). I am
not sure that to remove this limit is useful given that oprofile
does not show very good numbers for very large (in terms of lines)
filters. This completes one feature that is available in IPv4 but
that was missing in IPv6.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
| |
This patch removes unnecessary function inlining in the BSF code
generation. There is not reason to get any significant performance
improvement in an operation that should be done in the
initialization path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch reworks the BSF automatic generation code. This
feature needs more love and it has several limitations like
that the maximum number of IPs are 127 due to BSF code
restrictions. See this patch as a first step forward.
This patch also adds the stack data type, which is used to
resolve jump dynamically instead of the previous static
approach.
This patch also includes fixes in the limitations, previous
calculations were wrong.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch cleanups the internal headers by splitting them into several
logical pieces.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
| |
|
|
|
|
|
| |
This patch introduces nfct_filter_set_logic() to set the filtering
logic which results in a more flexible solution.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
|
This patch adds an abstraction level to berkeley sockets filter (BSF) for
Netlink sockets available since Linux kernel 2.6.26. This provides an
easy way to attach filters without knowing about BSF at all.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
