We need to distinguish nft chain from other chains in
nf_nat_ipv{4,6}_fn(). Let's use a RedHat reserved field in
struct nf_hook_ops for that.
Will be used by the next patch. https://jira.sw.ru/browse/PSBM-102728 https://jira.sw.ru/browse/PSBM-103746
Signed-off-by: Konstantin Khorenko <[email protected]>
---
 include/linux/netfilter.h | 2 +-
 net/netfilter/nf_tables_api.c | 1 +
 net/netfilter/x_tables.c | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index aeaffff37e1b5..20ec69caecb5e 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -109,7 +109,7 @@ struct nf_hook_ops {
 unsigned long __rht_reserved2;
 unsigned long __rht_reserved3;
 unsigned long __rht_reserved4;
- unsigned long __rht_reserved5;
+ unsigned long is_nft_ops;
 };
 
 struct nf_sockopt_ops {
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c52f69b75c857..4692c364e69c7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1457,6 +1457,7 @@ static int nf_tables_newchain(struct net *net, struct sock *nlsk,
 ops->hooknum = hook.num;
 ops->priority = hook.priority;
 ops->priv = chain;
+ ops->is_nft_ops = 1;
 ops->hook = afi->hooks[ops->hooknum];
 if (hookfn)
 ops->hook = hookfn;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 2131197bbf244..1ffa1add7151e 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1618,6 +1618,8 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
 ops[i].pf = table->af;
 ops[i].hooknum = hooknum;
 ops[i].priority = table->priority;
+ ops[i].priv = NULL;
+ ops[i].is_nft_ops = 0;
 ++i;
 }
 
-- 
2.15.1
_______________________________________________
Devel mailing list
[email protected]
https://lists.openvz.org/mailman/listinfo/devel
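Review bot: The renamed field `is_nft_ops` in struct nf_hook_ops has no comment, although it is an `unsigned long` read as a flag and is only trustworthy if every nf_hook_ops instance initialises it. Statically defined ops get zero implicitly, but an ops object allocated without zeroing would carry stale heap contents in this slot and could be misclassified as an nft chain by the consumer the commit message names, nf_nat_ipv{4,6}_fn(). I would document the contract on the field, for example `/* non-zero only for ops registered by nf_tables; every other allocator must leave it zero */`. The struct starts outside the hunk, so any existing annotation on the reserved fields is not visible here.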
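Review bot: In xt_hook_link() the added `ops[i].priv = NULL;` and `ops[i].is_nft_ops = 0;` clear fields one at a time, which suggests the ops array is allocated without zeroing; the allocation is outside the hunk, so this is inferred. If that is the case, a zeroing allocator such as `kcalloc()` would be more robust than per-field stores. It would also cover the remaining reserved fields and any flag added later, and no array slot would be left holding uninitialised heap data for a later reader. The commit message explains `is_nft_ops` but not why `priv` is now cleared, so a short comment such as `/* xtables ops carry no chain; consumers must see priv == NULL */` would help if the next patch relies on it.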
