git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 13 Jun 2013 14:38:33 +0000 (16:38 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 24 Jun 2013 09:50:00 +0000 (11:50 +0200)
commit	aae836a7aa628af4d4d5dd97d0eefa898e8f5245
tree	0a5999838de7e19bba5c2bfb7172fec8d70c2da5	tree
parent	f171d1cf8a6530fe0ac204d4a6520fe0e2a70da4	commit \| diff

src: use libnftables

This patch migrates nft to use the libnftables library, that is used
by the iptables over nftables compat utility as well. Most of the
conversion was pretty straight forward. Some small significant changes
happened in the handling of set element and immediate data abstraction
that libnl provides. libnftables is a bit more granular since it splits
the struct nfnl_nft_data into three attributes: verdict, chain and plain
data (used in maps).

I have added a new file src/mnl.c that contains the low level netlink
communication that now resides in nftables source tree instead of
the library. This should help to implement the batching support using
libmnl in follow up patches.

I also spent some significant amount of time running my tests to make
sure that we don't increase the number of bugs that we already have
(I plan to provide a list of those that I have detected and diagnosed,
so anyone else can help us to fix them).

As a side effect, this change should also prepare the ground for
JSON and XML support anytime soon.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

configure.ac		diff \| blob \| blame \| history
include/mnl.h	[new file with mode: 0644]	blob
include/netlink.h		diff \| blob \| blame \| history
include/nftables.h		diff \| blob \| blame \| history
src/Makefile.in		diff \| blob \| blame \| history
src/erec.c		diff \| blob \| blame \| history
src/mnl.c	[new file with mode: 0644]	blob
src/netlink.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history