netfilter: nf_tables: attach net_device to basechain
The device is part of the hook configuration, so instead of a global
configuration per table, set it to each of the basechain that we create.
This patch reworks ebddf1a8d7 ("netfilter: nf_tables: allow to bind table to
net_device").
Note that this adds a dev_name field in the nft_base_chain structure which is
required the netdev notification subscription that follows up in a patch to
handle gone net_devices.
Suggested-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
parent
711bdde6a8
commit
2cbce139fc
3 changed files with 46 additions and 41 deletions
|
|
@ -122,11 +122,13 @@ enum nft_list_attributes {
|
|||
*
|
||||
* @NFTA_HOOK_HOOKNUM: netfilter hook number (NLA_U32)
|
||||
* @NFTA_HOOK_PRIORITY: netfilter hook priority (NLA_U32)
|
||||
* @NFTA_HOOK_DEV: netdevice name (NLA_STRING)
|
||||
*/
|
||||
enum nft_hook_attributes {
|
||||
NFTA_HOOK_UNSPEC,
|
||||
NFTA_HOOK_HOOKNUM,
|
||||
NFTA_HOOK_PRIORITY,
|
||||
NFTA_HOOK_DEV,
|
||||
__NFTA_HOOK_MAX
|
||||
};
|
||||
#define NFTA_HOOK_MAX (__NFTA_HOOK_MAX - 1)
|
||||
|
|
@ -146,14 +148,12 @@ enum nft_table_flags {
|
|||
* @NFTA_TABLE_NAME: name of the table (NLA_STRING)
|
||||
* @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32)
|
||||
* @NFTA_TABLE_USE: number of chains in this table (NLA_U32)
|
||||
* @NFTA_TABLE_DEV: net device name (NLA_STRING)
|
||||
*/
|
||||
enum nft_table_attributes {
|
||||
NFTA_TABLE_UNSPEC,
|
||||
NFTA_TABLE_NAME,
|
||||
NFTA_TABLE_FLAGS,
|
||||
NFTA_TABLE_USE,
|
||||
NFTA_TABLE_DEV,
|
||||
__NFTA_TABLE_MAX
|
||||
};
|
||||
#define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue