diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-27 11:53:08 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-30 11:29:19 +0200 |
| commit | 43a605f2f722b6e08addedae8545b490fca252c4 (patch) | |
| tree | ec3310d2587f35c25d59d79ad4d1460ecc710d75 /include | |
| parent | netfilter: nf_tables: build-in filter chain type (diff) | |
| download | linux-dev-43a605f2f722b6e08addedae8545b490fca252c4.tar.xz linux-dev-43a605f2f722b6e08addedae8545b490fca252c4.zip | |
netfilter: nf_tables: enable conntrack if NAT chain is registered
Register conntrack hooks if the user adds NAT chains. Users get confused
with the existing behaviour since they will see no packets hitting this
chain until they add the first rule that refers to conntrack.
This patch adds new ->init() and ->free() indirections to chain types
that can be used by NAT chains to invoke the conntrack dependency.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 77c3c04c27ac..e26b94a61a99 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -884,6 +884,8 @@ enum nft_chain_types { * @owner: module owner * @hook_mask: mask of valid hooks * @hooks: array of hook functions + * @init: chain initialization function + * @free: chain release function */ struct nft_chain_type { const char *name; @@ -892,6 +894,8 @@ struct nft_chain_type { struct module *owner; unsigned int hook_mask; nf_hookfn *hooks[NF_MAX_HOOKS]; + int (*init)(struct nft_ctx *ctx); + void (*free)(struct nft_ctx *ctx); }; int nft_chain_validate_dependency(const struct nft_chain *chain, |