netfilter: nf_tables: Support RULE_ID reference in new rule - wireguard-linux

diff options

author	Phil Sutter <phil@nwl.cc>	2019-01-14 18:41:35 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-01-18 15:02:33 +0100
commit	75dd48e2e420a3cbbe56dd7adfcc6f142c948272 (patch)
tree	b4a754c639f47db6c004955442e90ed1c444c22c /net/netfilter/nf_conntrack_core.c
parent	netfilter: physdev: relax br_netfilter dependency (diff)
download	wireguard-linux-75dd48e2e420a3cbbe56dd7adfcc6f142c948272.tar.xz wireguard-linux-75dd48e2e420a3cbbe56dd7adfcc6f142c948272.zip

netfilter: nf_tables: Support RULE_ID reference in new rule

To allow for a batch to contain rules in arbitrary ordering, introduce NFTA_RULE_POSITION_ID attribute which works just like NFTA_RULE_POSITION but contains the ID of another rule within the same batch. This helps iptables-nft-restore handling dumps with mixed insert/append commands correctly. Note that NFTA_RULE_POSITION takes precedence over NFTA_RULE_POSITION_ID, so if the former is present, the latter is ignored. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: