diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-11 10:46:40 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-13 20:12:31 +0200 |
| commit | 151d799a61da1b6f6b7e5116fb776177917bbe9a (patch) | |
| tree | c9080e0cc8e06e85c42cd5948b7bce4de9cf35b8 /net/netfilter/nft_limit.c | |
| parent | f25ad2e907f110378159fe5e088aa13176faaa5b (diff) | |
| download | op-kernel-dev-151d799a61da1b6f6b7e5116fb776177917bbe9a.zip op-kernel-dev-151d799a61da1b6f6b7e5116fb776177917bbe9a.tar.gz | |
netfilter: nf_tables: mark stateful expressions
Add a flag to mark stateful expressions.
This is used for dynamic expression instanstiation to limit the usable
expressions. Strictly speaking only the dynset expression can not be
used in order to avoid recursion, but since dynamically instantiating
non-stateful expressions will simply create an identical copy, which
behaves no differently than the original, this limits to expressions
where it actually makes sense to dynamically instantiate them.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_limit.c')
| -rw-r--r-- | net/netfilter/nft_limit.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nft_limit.c b/net/netfilter/nft_limit.c index c862045..435c1cc 100644 --- a/net/netfilter/nft_limit.c +++ b/net/netfilter/nft_limit.c @@ -98,6 +98,7 @@ static struct nft_expr_type nft_limit_type __read_mostly = { .ops = &nft_limit_ops, .policy = nft_limit_policy, .maxattr = NFTA_LIMIT_MAX, + .flags = NFT_EXPR_STATEFUL, .owner = THIS_MODULE, }; |
