diff options
author | Patrick McHardy <kaber@trash.net> | 2014-01-03 12:16:15 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-01-07 23:55:46 +0100 |
commit | 115a60b173af0170e0db26b9a3fd6a911fba70a3 (patch) | |
tree | 83fac6bf34087f357d9fe30ff916dfa2448a5d40 /include/net | |
parent | c9484874e7596d6c890e4130336f5379f6a59c5f (diff) | |
download | op-kernel-dev-115a60b173af0170e0db26b9a3fd6a911fba70a3.zip op-kernel-dev-115a60b173af0170e0db26b9a3fd6a911fba70a3.tar.gz |
netfilter: nf_tables: add support for multi family tables
Add support to register chains to multiple hooks for different address
families for mixed IPv4/IPv6 tables.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_tables.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index c9e6316..f066f25 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -422,6 +422,8 @@ struct nft_stats { u64 pkts; }; +#define NFT_HOOK_OPS_MAX 2 + /** * struct nft_base_chain - nf_tables base chain * @@ -432,7 +434,7 @@ struct nft_stats { * @chain: the chain */ struct nft_base_chain { - struct nf_hook_ops ops; + struct nf_hook_ops ops[NFT_HOOK_OPS_MAX]; enum nft_chain_type type; u8 policy; struct nft_stats __percpu *stats; @@ -476,6 +478,8 @@ struct nft_table { * @nhooks: number of hooks in this family * @owner: module owner * @tables: used internally + * @nops: number of hook ops in this family + * @hook_ops_init: initialization function for chain hook ops * @hooks: hookfn overrides for packet validation */ struct nft_af_info { @@ -484,6 +488,9 @@ struct nft_af_info { unsigned int nhooks; struct module *owner; struct list_head tables; + unsigned int nops; + void (*hook_ops_init)(struct nf_hook_ops *, + unsigned int); nf_hookfn *hooks[NF_MAX_HOOKS]; }; |