netfilter: nf_tables: convert built-in tables/chains to chain types
author Pablo Neira Ayuso <pablo@netfilter.org>
Thu, 10 Oct 2013 21:21:26 +0000 (23:21 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 14 Oct 2013 15:16:11 +0000 (17:16 +0200)
commit 9370761c56b66aa5c65e069a7b010111a025018d
tree 0b9080fdb768fc5f8f16c685de605d07347283f9
parent c29b72e02573b8fe5e6cae5d192a6a4772e7bbd6

This patch converts built-in tables/chains to chain types that
allow you to deploy customized table and chain configurations from
userspace.

After this patch, you have to specify the chain type when
creating a new chain:

 add chain ip filter output { type filter hook input priority 0; }
                              ^^^^ ------

The existing chain types after this patch are: filter, route and
nat. Note that tables are just containers of chains with no specific
semantics, which is a significant change with regard to iptables.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 files changed:
include/net/netfilter/nf_tables.h
include/uapi/linux/netfilter/nf_tables.h
net/ipv4/netfilter/Kconfig
net/ipv4/netfilter/Makefile
net/ipv4/netfilter/nf_tables_ipv4.c
net/ipv4/netfilter/nft_chain_nat_ipv4.c [moved from net/ipv4/netfilter/nf_table_nat_ipv4.c with 76% similarity]
net/ipv4/netfilter/nft_chain_route_ipv4.c [moved from net/ipv4/netfilter/nf_table_route_ipv4.c with 61% similarity]
net/ipv6/netfilter/Kconfig
net/ipv6/netfilter/Makefile
net/ipv6/netfilter/nf_tables_ipv6.c
net/ipv6/netfilter/nft_chain_route_ipv6.c [moved from net/ipv6/netfilter/nf_table_route_ipv6.c with 65% similarity]
net/netfilter/nf_tables_api.c