Date:	Mon, 27 Oct 2008 07:58:33 +0330 (IRST)
From:	hamid.jafarian@...il.com (hamid jafarian)
to:	Netfilter-devel <netfilter-devel@...r.kernel.org>
cc:	Amin Azez <azez@...mechanic.net>
subject: [PATCH 00/09]IPtablestng/Kernel - New Framework For IPtables

New Framework for IPtables

Besides some powerful & useful features of iptables, this framework adds these new features to iptables:
	1- Use a linked list for rule storage instead of continuous memory.
	2- Move management activities to the kernel side.
	3- Command-based communication between kernel/user spaces.
	4- New semantics & structures:
		4-1: tables as builtin/userdefined chains container: store them in a linked list
		4-2: chains as entry container: store them in a linked list
		4-3: ...
	5- Classifiers as search engine in chains instead of linear search:
			In this version the implementation of classification algorithms is like that of matches and targets but doesn't have a user-space implementation. Every chain can use its classifier.
			By this ability (use/implement different classification algorithms), developers/administrators can classify their network packet flows in different ways based on the packet types or their needs, and also more quickly than before.
	6- Common implementation for all of the tables of different network families (as pkt_tables) instead of copy-based code.
	7- ...

This implementation is for kernel 2.6.25 and supports IPv4.

patch summary:
 A  include/linux/netfilter/pkt_tables.h
 M  include/linux/netfilter/x_tables.h
 M  include/linux/netfilter_ipv4/ip_tables.h
 A  include/linux/netfilter_ipv4/ipc_tuple.h
 M  net/ipv4/netfilter/Kconfig
 M  net/ipv4/netfilter/Makefile
 M  net/ipv4/netfilter/ip_tables.c
 A  net/ipv4/netfilter/ipc_tuple.c
 M  net/ipv4/netfilter/ipt_CLUSTERIP.c
 M  net/ipv4/netfilter/ipt_ECN.c
 M  net/ipv4/netfilter/ipt_REJECT.c
 M  net/ipv4/netfilter/iptable_filter.c
 M  net/ipv4/netfilter/iptable_mangle.c
 M  net/ipv4/netfilter/iptable_raw.c
 M  net/ipv4/netfilter/nf_nat_rule.c
 M  net/netfilter/Kconfig
 M  net/netfilter/Makefile
 A  net/netfilter/pkt_tables.c
 M  net/netfilter/x_tables.c
 
 include/linux/netfilter/pkt_tables.h     |  542 +++++++
 include/linux/netfilter/x_tables.h       |   15 +
 include/linux/netfilter_ipv4/ip_tables.h |  231 +---
 include/linux/netfilter_ipv4/ipc_tuple.h |   69 +
 net/ipv4/netfilter/Kconfig               |   13 +
 net/ipv4/netfilter/Makefile              |    3 +
 net/ipv4/netfilter/ip_tables.c           | 2356 +++---------------------------
 net/ipv4/netfilter/ipc_tuple.c           |  300 ++++
 net/ipv4/netfilter/ipt_CLUSTERIP.c       |   16 +-
 net/ipv4/netfilter/ipt_ECN.c             |    2 +-
 net/ipv4/netfilter/ipt_REJECT.c          |    4 +-
 net/ipv4/netfilter/iptable_filter.c      |   57 +-
 net/ipv4/netfilter/iptable_mangle.c      |   69 +-
 net/ipv4/netfilter/iptable_raw.c         |   55 +-
 net/ipv4/netfilter/nf_nat_rule.c         |   60 +-
 net/netfilter/Kconfig                    |    8 +
 net/netfilter/Makefile                   |    1 +
 net/netfilter/pkt_tables.c               | 2203 ++++++++++++++++++++++++++++
 net/netfilter/x_tables.c                 |   14 +-
 19 files changed, 3442 insertions(+), 2576 deletions(-)
