Hi Tomasz,

On Thu, Jan 10, 2013 at 04:29:33PM +0200, Tomasz Bursztyka wrote:
> Hi,
>
> Here is an attempt to get iptables-nftables supporting IPv6. I
> haven't tested it really, so I send it more as an RFC.
>
> Starting from xtables.c which supports only IPv4, patch 2 combines
> the support for IPv6 in it. The family attribute provided in patch
> 1 is set then used in nft.c to use it accordingly, in patch 3.
>
> Patch 4 finalizes it in handling the right information for rule
> manipulations depending on the family.
>
> Patch 5 and 6 then add the support of IPv6 when it comes to
> respectively save and print the firewall.

Good job.

I have merged the 6 patches into one single, they all belong to the
same scope. I have also tested this, fixed a couple of issues
(regarding deletion, xtables-save/-restore, printing IPv6 destination
via xtables -6 -L -n and spot error if `-f' is used with xtables -6,
probably something else, I forgot, you can diff your initial patch and
final result).

I have pushed this into the repository:

http://1984.lsi.us.es/git/iptables-nftables/commit/?id=453ece127f96f155146eff5c2a8b30574d08335d

It would be good if you can move all specific IPv4 and IPv6 code to
nft-ipv4.c and nft-ipv6.c files respectively. You can use a structure
with callbacks like:

        struct xtables_family {
                int (*add)(...);
                void (*print)(...);
                void (*print_save)(...);
                int (*parse)(...);
                int (*is_same)(...);
        };

By looking at the previous patch and searching for:

        switch(h->family) {
        case AF_INET:
                ...
                break;
        case AF_INET6:
                ...
                break;
        }

Should help to identify the code that needs to be moved to the
specific file.

That encapsulation will help to prepare bridging and arp support.

Thanks a lot!
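The per-family callback table suggested in the message above, as an added example (not code from iptables-nftables or from either author): a lookup by address family replaces the `switch (h->family)` blocks, and an unregistered family makes the caller fail instead of falling through. All type and function names, and the `-d addr/len` output format, are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* All names are hypothetical; only the callback-table shape follows the mail. */
union fam_addr { struct in_addr v4; struct in6_addr v6; };
struct family_ops {
	int family;
	int (*parse)(const char *s, union fam_addr *a);
	void (*print_save)(const union fam_addr *a, char *buf, size_t len);
};
static int parse4(const char *s, union fam_addr *a) { return inet_pton(AF_INET, s, &a->v4) == 1 ? 0 : -1; }
static int parse6(const char *s, union fam_addr *a) { return inet_pton(AF_INET6, s, &a->v6) == 1 ? 0 : -1; }
static void save4(const union fam_addr *a, char *buf, size_t len)
{
	char tmp[INET_ADDRSTRLEN];
	snprintf(buf, len, "-d %s/32", inet_ntop(AF_INET, &a->v4, tmp, sizeof(tmp)));
}
static void save6(const union fam_addr *a, char *buf, size_t len)
{
	char tmp[INET6_ADDRSTRLEN];
	snprintf(buf, len, "-d %s/128", inet_ntop(AF_INET6, &a->v6, tmp, sizeof(tmp)));
}
static const struct family_ops families[] = {
	{ AF_INET,  parse4, save4 },
	{ AF_INET6, parse6, save6 },
};

/* Stands in for switch (h->family): an unknown family gives NULL, not a default branch. */
static const struct family_ops *family_lookup(int family)
{
	for (size_t i = 0; i < sizeof(families) / sizeof(families[0]); i++)
		if (families[i].family == family)
			return &families[i];
	return NULL;
}

/* Family-independent caller. Returns 0 on success, -1 on unknown family or bad address. */
int save_dest(int family, const char *addr, char *buf, size_t len)
{
	const struct family_ops *ops = family_lookup(family);
	union fam_addr a;
	if (!ops || ops->parse(addr, &a) < 0)
		return -1;
	ops->print_save(&a, buf, len);
	return 0;
}
int main(void) { char b[64]; return save_dest(AF_INET6, "2001:db8::1", b, sizeof(b)) ? 1 : puts(b) == EOF; }
```

Adding bridge or ARP support in this layout means registering one more entry in `families[]`; the generic caller does not change.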