diff options
author | Florian Westphal <fw@strlen.de> | 2021-06-04 12:27:06 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-07 12:23:38 +0200 |
commit | 7b4b2fa37587394fb89fa51a4bea0820a1b37a5d (patch) | |
tree | 75f08548b3079f0333a85a4daf5dfb216680fb6a | |
parent | 1d91d2e1a7f767aa8c11d8507ecf268f787734ec (diff) | |
download | linux-7b4b2fa37587394fb89fa51a4bea0820a1b37a5d.tar.bz2 |
netfilter: annotate nf_tables base hook ops
This will allow a followup patch to treat the 'ops->priv' pointer
as nft_chain argument without having to first walk the table/chains
to check if there is a matching base chain pointer.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | include/linux/netfilter.h | 8 | ||||
-rw-r--r-- | net/netfilter/nf_tables_api.c | 4 |
2 files changed, 10 insertions, 2 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index f161569fbe2f..3fda1a508733 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -77,12 +77,18 @@ struct nf_hook_state { typedef unsigned int nf_hookfn(void *priv, struct sk_buff *skb, const struct nf_hook_state *state); +enum nf_hook_ops_type { + NF_HOOK_OP_UNDEFINED, + NF_HOOK_OP_NF_TABLES, +}; + struct nf_hook_ops { /* User fills in from here down. */ nf_hookfn *hook; struct net_device *dev; void *priv; - u_int8_t pf; + u8 pf; + enum nf_hook_ops_type hook_ops_type:8; unsigned int hooknum; /* Hooks are ordered in ascending priority. */ int priority; diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 6c2000a11c7e..c9308241b688 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2168,8 +2168,10 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, } nft_trans_chain_policy(trans) = NFT_CHAIN_POLICY_UNSET; - if (nft_is_base_chain(chain)) + if (nft_is_base_chain(chain)) { + basechain->ops.hook_ops_type = NF_HOOK_OP_NF_TABLES; nft_trans_chain_policy(trans) = policy; + } err = nft_chain_add(table, chain); if (err < 0) { |