diff options
| author |   Patrick McHardy <kaber@trash.net> | 2015-04-05 14:41:07 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-08 16:58:27 +0200 |
| commit | 11113e190bf0ad73086884f87efccc994ff28b3d (patch) | |
| tree | 295a3f9b12f40b61b2a1f3305fabab5f85a42ba8 /net/netfilter/nft_lookup.c | |
| parent | netfilter: nf_tables: prepare set element accounting for async updates (diff) | |
| download | linux-dev-11113e190bf0ad73086884f87efccc994ff28b3d.tar.xz linux-dev-11113e190bf0ad73086884f87efccc994ff28b3d.zip | |
netfilter: nf_tables: support different set binding types
Currently a set binding is assumed to be related to a lookup and, in
case of maps, a data load.
In order to use bindings for set updates, the loop detection checks
must be restricted to map operations only. Add a flags member to the
binding struct to hold the set "action" flags such as NFT_SET_MAP,
and perform loop detection based on these.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_lookup.c')
| -rw-r--r-- | net/netfilter/nft_lookup.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c index a5f30b8760ea..d8cf86fb30fc 100644 --- a/net/netfilter/nft_lookup.c +++ b/net/netfilter/nft_lookup.c @@ -92,6 +92,8 @@ static int nft_lookup_init(const struct nft_ctx *ctx, } else if (set->flags & NFT_SET_MAP) return -EINVAL; + priv->binding.flags = set->flags & NFT_SET_MAP; + err = nf_tables_bind_set(ctx, set, &priv->binding); if (err < 0) return err; |