linux/net/ipv4/netfilter
Patrick McHardy 49499c3e6e netfilter: nf_tables: switch registers to 32 bit addressing
Switch the nf_tables registers from 128 bit addressing to 32 bit
addressing to support so called concatenations, where multiple values
can be concatenated over multiple registers for O(1) exact matches of
multiple dimensions using sets.

The old register values are mapped to areas of 128 bits for compatibility.
When dumping register numbers, values are expressed using the old values
if they refer to the beginning of a 128 bit area for compatibility.

To support concatenations, register loads of less than a full 32 bit
value need to be padded. This mainly affects the payload and exthdr
expressions, which both unconditionally zero the last word before
copying the data.

Userspace fully passes the testsuite using both old and new register
addressing.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-04-13 17:17:29 +02:00
..
Kconfig netfilter: nf_tables: consolidate Kconfig options 2015-03-06 01:21:15 +01:00
Makefile netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module 2014-11-27 13:08:42 +01:00
arp_tables.c netfilter: Pass nf_hook_state through arpt_do_table(). 2015-04-04 13:26:52 -04:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: Pass nf_hook_state through arpt_do_table(). 2015-04-04 13:26:52 -04:00
ip_tables.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
ipt_CLUSTERIP.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
ipt_ECN.c netfilter: xtables: substitute temporary defines by final name 2010-05-11 18:31:17 +02:00
ipt_MASQUERADE.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ipt_REJECT.c netfilter: reject: don't send icmp error if csum is invalid 2015-03-03 02:10:35 +01:00
ipt_SYNPROXY.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
ipt_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ipt_rpfilter.c ipv4, fib: pass LOOPBACK_IFINDEX instead of 0 to flowi4_iif 2014-04-16 15:05:11 -04:00
iptable_filter.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_mangle.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_nat.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_raw.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
iptable_security.c netfilter: Pass nf_hook_state through ipt_do_table(). 2015-04-04 12:47:04 -04:00
nf_conntrack_l3proto_ipv4.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: Remove uses of seq_<foo> return values 2015-03-18 10:51:35 +01:00
nf_conntrack_proto_icmp.c netfilter: Convert print_tuple functions to return void 2014-11-05 14:10:33 -05:00
nf_defrag_ipv4.c netfilter: Make nf_hookfn use nf_hook_state. 2015-04-04 12:31:38 -04:00
nf_log_arp.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_log_ipv4.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_nat_h323.c netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report() 2014-02-05 17:46:05 +01:00
nf_nat_l3proto_ipv4.c netfilter: Pass nf_hook_state through nf_nat_ipv4_{in,out,fn,local_fn}(). 2015-04-04 12:45:19 -04:00
nf_nat_masquerade_ipv4.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_pptp.c netfilter: add my copyright statements 2013-04-18 20:27:55 +02:00
nf_nat_proto_gre.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_icmp.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_snmp_basic.c netfilter: nf_nat_snmp_basic: fix duplicates in if/else branches 2014-02-14 11:37:36 +01:00
nf_reject_ipv4.c netfilter: bridge: add helpers for fetching physin/outdev 2015-04-08 16:49:08 +02:00
nf_tables_arp.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nf_tables_ipv4.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_nat_ipv4.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_chain_route_ipv4.c netfilter: Pass nf_hook_state through nft_set_pktinfo*(). 2015-04-04 12:54:27 -04:00
nft_masq_ipv4.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00
nft_redir_ipv4.c netfilter: nf_tables: switch registers to 32 bit addressing 2015-04-13 17:17:29 +02:00
nft_reject_ipv4.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00