diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-10 23:28:33 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-14 18:00:59 +0200 |
| commit | 99633ab29b2131b68089a6c7f60458390860e044 (patch) | |
| tree | eb7e2ecd9ed875ed4d3a050b95ed3d77bbde762b /include/net/netfilter/nf_tables.h | |
| parent | eb31628e37a0a4e01fffd79dcc7f815d2357f53a (diff) | |
| download | op-kernel-dev-99633ab29b2131b68089a6c7f60458390860e044.zip op-kernel-dev-99633ab29b2131b68089a6c7f60458390860e044.tar.gz | |
netfilter: nf_tables: complete net namespace support
Register family per netnamespace to ensure that sets are
only visible in its approapriate namespace.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter/nf_tables.h')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index a68f45f..d3272e9 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -68,6 +68,7 @@ static inline void nft_data_debug(const struct nft_data *data) /** * struct nft_ctx - nf_tables rule/set context * + * @net: net namespace * @skb: netlink skb * @nlh: netlink message header * @afi: address family info @@ -76,6 +77,7 @@ static inline void nft_data_debug(const struct nft_data *data) * @nla: netlink attributes */ struct nft_ctx { + struct net *net; const struct sk_buff *skb; const struct nlmsghdr *nlh; const struct nft_af_info *afi; @@ -462,7 +464,7 @@ struct nft_af_info { nf_hookfn *hooks[NF_MAX_HOOKS]; }; -extern int nft_register_afinfo(struct nft_af_info *); +extern int nft_register_afinfo(struct net *, struct nft_af_info *); extern void nft_unregister_afinfo(struct nft_af_info *); struct nf_chain_type { |
