git.baikalelectronics.ru Git - kernel.git/commit

author	Patrick McHardy <kaber@trash.net>
	Sun, 5 Apr 2015 12:41:07 +0000 (14:41 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 8 Apr 2015 14:58:27 +0000 (16:58 +0200)
commit	f8ba84d2c2a7a7935520aa1f13e6b3c4332183d2
tree	295a3f9b12f40b61b2a1f3305fabab5f85a42ba8	tree \| snapshot
parent	c2743fd82119ad2c81f14874a9c5383b6c169991	commit \| diff

netfilter: nf_tables: support different set binding types

Currently a set binding is assumed to be related to a lookup and, in
case of maps, a data load.

In order to use bindings for set updates, the loop detection checks
must be restricted to map operations only. Add a flags member to the
binding struct to hold the set "action" flags such as NFT_SET_MAP,
and perform loop detection based on these.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_lookup.c		diff \| blob \| history