netfilter: nf_tables: add reject module for NFPROTO_INET

Add a reject module for NFPROTO_INET. It does nothing but dispatch to the AF-specific modules based on the hook family. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2014-02-05 15:03:39 +0000
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-02-06 09:44:18 +0100
commit: 05513e9e33dbded8124567466a444d32173eecc6 (patch)
tree: 175aafe01f1fe4914577ce67c8fd32ad8e0440a0 /include
parent: netfilter: nft_reject: split up reject module into IPv4 and IPv6 specifc parts (diff)
download: linux-dev-05513e9e33dbded8124567466a444d32173eecc6.tar.xz
linux-dev-05513e9e33dbded8124567466a444d32173eecc6.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/include/net/netfilter/nft_reject.h b/include/net/netfilter/nft_reject.h
index ecda75945e77..36b0da2d55bb 100644
--- a/include/net/netfilter/nft_reject.h
+++ b/include/net/netfilter/nft_reject.h
@@ -14,4 +14,12 @@ int nft_reject_init(const struct nft_ctx *ctx,
 
 int nft_reject_dump(struct sk_buff *skb, const struct nft_expr *expr);
 
+void nft_reject_ipv4_eval(const struct nft_expr *expr,
+			  struct nft_data data[NFT_REG_MAX + 1],
+			  const struct nft_pktinfo *pkt);
+
+void nft_reject_ipv6_eval(const struct nft_expr *expr,
+			  struct nft_data data[NFT_REG_MAX + 1],
+			  const struct nft_pktinfo *pkt);
+
 #endif
author	Patrick McHardy <kaber@trash.net>	2014-02-05 15:03:39 +0000
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-02-06 09:44:18 +0100
commit	05513e9e33dbded8124567466a444d32173eecc6 (patch)
tree	175aafe01f1fe4914577ce67c8fd32ad8e0440a0 /include
parent	netfilter: nft_reject: split up reject module into IPv4 and IPv6 specifc parts (diff)
download	linux-dev-05513e9e33dbded8124567466a444d32173eecc6.tar.xz linux-dev-05513e9e33dbded8124567466a444d32173eecc6.zip