From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pablo Neira Ayuso Subject: [PATCH net-next,RFC 08/13] netfilter: nft_chain_filter: add support for early ingress Date: Thu, 14 Jun 2018 16:19:42 +0200 Message-ID: <20180614141947.3580-9-pablo@netfilter.org> References: <20180614141947.3580-1-pablo@netfilter.org> Cc: netdev@vger.kernel.org, steffen.klassert@secunet.com To: netfilter-devel@vger.kernel.org Return-path: Received: from mail.us.es ([193.147.175.20]:38290 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966450AbeFNOUW (ORCPT ); Thu, 14 Jun 2018 10:20:22 -0400 Received: from antivirus1-rhel7.int (unknown [192.168.2.11]) by mail.us.es (Postfix) with ESMTP id DE64EE7BAF for ; Thu, 14 Jun 2018 16:18:58 +0200 (CEST) Received: from antivirus1-rhel7.int (localhost [127.0.0.1]) by antivirus1-rhel7.int (Postfix) with ESMTP id CBECCDA4CC for ; Thu, 14 Jun 2018 16:18:58 +0200 (CEST) In-Reply-To: <20180614141947.3580-1-pablo@netfilter.org> Sender: netdev-owner@vger.kernel.org List-ID: This patch adds the new filter chain at the early ingress hook. Signed-off-by: Pablo Neira Ayuso Signed-off-by: Steffen Klassert --- net/netfilter/nft_chain_filter.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nft_chain_filter.c b/net/netfilter/nft_chain_filter.c index 84c902477a91..bc7fb2dc0e44 100644 --- a/net/netfilter/nft_chain_filter.c +++ b/net/netfilter/nft_chain_filter.c @@ -277,9 +277,11 @@ static const struct nft_chain_type nft_chain_filter_netdev = { .name = "filter", .type = NFT_CHAIN_T_DEFAULT, .family = NFPROTO_NETDEV, - .hook_mask = (1 << NF_NETDEV_INGRESS), + .hook_mask = (1 << NF_NETDEV_INGRESS) | + (1 << NF_NETDEV_EARLY_INGRESS), .hooks = { - [NF_NETDEV_INGRESS] = nft_do_chain_netdev, + [NF_NETDEV_INGRESS] = nft_do_chain_netdev, + [NF_NETDEV_EARLY_INGRESS] = nft_do_chain_netdev, }, }; -- 2.11.0