diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-05 14:41:07 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-08 16:58:27 +0200 |
| commit | 11113e190bf0ad73086884f87efccc994ff28b3d (patch) | |
| tree | 295a3f9b12f40b61b2a1f3305fabab5f85a42ba8 /include/net | |
| parent | 3dd0673ac3cd7d05cde103396ec7ec410a901de2 (diff) | |
| download | linux-11113e190bf0ad73086884f87efccc994ff28b3d.tar.gz | |
netfilter: nf_tables: support different set binding types
Currently a set binding is assumed to be related to a lookup and, in case of maps, a data load. In order to use bindings for set updates, the loop detection checks must be restricted to map operations only. Add a flags member to the binding struct to hold the set "action" flags such as NFT_SET_MAP, and perform loop detection based on these. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 746423332fcb..e7e6365c248f 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -316,6 +316,7 @@ static inline unsigned long nft_set_gc_interval(const struct nft_set *set) * * @list: set bindings list node * @chain: chain containing the rule bound to the set + * @flags: set action flags * * A set binding contains all information necessary for validation * of new elements added to a bound set. @@ -323,6 +324,7 @@ static inline unsigned long nft_set_gc_interval(const struct nft_set *set) struct nft_set_binding { struct list_head list; const struct nft_chain *chain; + u32 flags; }; int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set, |