new file mode 100644
@@ -0,0 +1,15 @@
+#ifndef _NETFILTER_XTCORE_H
+#define _NETFILTER_XTCORE_H 1
+
+/**
+ * @master: the master table
+ */
+struct xt2_pernet_data {
+ struct xt2_table __rcu *master;
+};
+
+struct xt2_table {
+ int _dummy;
+};
+
+#endif /* _NETFILTER_XTCORE_H */
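Review bot: The comment block above struct xt2_pernet_data is not a valid kernel-doc block: it starts directly with `@master: the master table` and lacks the mandatory summary line, so scripts/kernel-doc will not attach the field description to the struct. Add a first line of the form `struct xt2_pernet_data - per-network-namespace Xtables2 state` before the `@master:` line, and since xt2_table is only a placeholder so far, say so in the `@master` text so readers do not look for semantics that are not there yet. The header also uses the `__rcu` address-space annotation on the master pointer but includes nothing, so it is not self-contained; an explicit `#include <linux/compiler.h>` (or `<linux/rcupdate.h>`, which also provides the accessor macros a user of this field will need) keeps it compiling when it is the first header a translation unit pulls in.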
@@ -429,7 +429,13 @@ config NETFILTER_XTABLES
This is required if you intend to use any of ip_tables,
ip6_tables or arp_tables.
-if NETFILTER_XTABLES
+config NETFILTER_XTABLES2
+ tristate "Netfilter Xtables2 packet filtering"
+ ---help---
+ Xtables2 is a rework of the internal architecture of Xtables.
+ It supersedes iptables, ip6tables, arptables and ebtables.
+
+if NETFILTER_XTABLES || NETFILTER_XTABLES2
comment "Xtables combined modules"
@@ -65,6 +65,7 @@ obj-$(CONFIG_NETFILTER_TPROXY) += nf_tproxy_core.o
# generic X tables
obj-$(CONFIG_NETFILTER_XTABLES) += x_tables.o xt_tcpudp.o
+obj-$(CONFIG_NETFILTER_XTABLES2) += xt_core.o
# combos
obj-$(CONFIG_NETFILTER_XT_MARK) += xt_mark.o
new file mode 100644
@@ -0,0 +1,85 @@
+/*
+ * Xtables2 core
+ * Copyright © Jan Engelhardt, 2009-2012
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <linux/err.h>
+#include <linux/module.h>
+#include <linux/mutex.h>
+#include <linux/slab.h>
+#include <net/net_namespace.h>
+#include <net/netns/generic.h>
+#include <net/netfilter/xt_core.h>
+
+MODULE_DESCRIPTION("Netfilter Xtables2 packet filtering");
+MODULE_AUTHOR("Jan Engelhardt");
+MODULE_LICENSE("GPL");
+
+static int xtables2_net_id __read_mostly;
+
+static inline struct xt2_pernet_data *xtables2_pernet(struct net *net)
+{
+ return net_generic(net, xtables2_net_id);
+}
+
+/**
+ * Create a new table with no chains and no rules.
+ */
+static struct xt2_table *xt2_table_new(void)
+{
+ struct xt2_table *table;
+
+ table = kzalloc(sizeof(*table), GFP_KERNEL);
+ if (table == NULL)
+ return NULL;
+
+ return table;
+}
+
+static void xt2_table_free(struct xt2_table *table)
+{
+ kfree(table);
+}
+
+static int __net_init xtables2_net_init(struct net *net)
+{
+ struct xt2_pernet_data *pnet = xtables2_pernet(net);
+
+ pnet->master = xt2_table_new();
+ if (IS_ERR(pnet->master))
+ return PTR_ERR(pnet->master);
+ return 0;
+}
+
+static void __net_exit xtables2_net_exit(struct net *net)
+{
+ struct xt2_pernet_data *pnet = xtables2_pernet(net);
+
+ xt2_table_free(pnet->master);
+}
+
+static struct pernet_operations xtables2_pernet_ops = {
+ .init = xtables2_net_init,
+ .exit = xtables2_net_exit,
+ .id = &xtables2_net_id,
+ .size = sizeof(struct xt2_pernet_data),
+};
+
+static int __init xtables2_init(void)
+{
+ pr_info("Xtables2, (C) 2009-2012, J.Engelhardt\n");
+ return register_pernet_subsys(&xtables2_pernet_ops);
+}
+
+static void __exit xtables2_exit(void)
+{
+ unregister_pernet_subsys(&xtables2_pernet_ops);
+}
+
+module_init(xtables2_init);
+module_exit(xtables2_exit);
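Review bot: xtables2_net_init never notices an allocation failure: xt2_table_new() returns NULL, not an ERR_PTR, when kzalloc() fails, and IS_ERR(NULL) is false, so the namespace initialises successfully with `pnet->master == NULL` and any later code that reaches the master table will dereference a null pointer. Either test the value that is actually returned, `if (pnet->master == NULL) return -ENOMEM;` (the errno constants are already pulled in through the existing `<linux/err.h>` include), or change xt2_table_new() to return `ERR_PTR(-ENOMEM)` so the IS_ERR branch has something to catch. Separately, master is declared `__rcu` in xt_core.h, so the plain store in xtables2_net_init and the plain load in xtables2_net_exit will trip sparse and should become `RCU_INIT_POINTER(pnet->master, table)` and `rcu_dereference_protected(pnet->master, 1)` respectively. Freeing with plain kfree() in the exit path looks acceptable because no readers should exist once the netns is torn down, but that assumption should be revisited when chain and rule lookups start reading the pointer.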
This patch adds the xt2 table functions. It does not do anything useful on its own yet; chain and rule support follows directly. Signed-off-by: Jan Engelhardt <jengelh@inai.de> --- include/net/netfilter/xt_core.h | 15 +++++++ net/netfilter/Kconfig | 8 +++- net/netfilter/Makefile | 1 + net/netfilter/xt_core.c | 85 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 include/net/netfilter/xt_core.h create mode 100644 net/netfilter/xt_core.c