author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-02-10 14:08:23 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-02-12 16:45:13 +0300 |
commit | 1a94e38d254b3622d5d53f74b3b716b0fcab0ba8 (patch) | |
tree | 58a49f5fc667dea423a331fa5665897c574d1edb /include/net | |
parent | 74e8bcd21c40dbbb3d74fa904536f8a3bddafed3 (diff) | |
netfilter: nf_tables: add NFTA_RULE_ID attribute
This new attribute allows us to uniquely identify a rule within a transaction.
Robots may trigger an insertion followed by a deletion in a batch; in that
scenario we still don't have a public rule handle that we can use to
delete the rule. This is similar to the NFTA_SET_ID attribute that
allows us to refer to an anonymous set from a batch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_tables.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 21ce50e6d0c5..ac84686aaafb 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1202,10 +1202,13 @@ struct nft_trans {
 struct nft_trans_rule {
 struct nft_rule *rule;
+ u32 rule_id;
 };
 #define nft_trans_rule(trans) \
 (((struct nft_trans_rule *)trans->data)->rule)
+#define nft_trans_rule_id(trans) \
+ (((struct nft_trans_rule *)trans->data)->rule_id)
 struct nft_trans_set {
 struct nft_set *set; |
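Review bot: The new `rule_id` member of `struct nft_trans_rule` has no comment stating where the value comes from or how long it is valid, although the commit message implies it is an identifier chosen by userspace and meaningful only inside one batch. I would document that on the field, for example `u32 rule_id; /* NFTA_RULE_ID from userspace; valid only within this transaction */`. The code that stores and matches the id is not visible here (the diffstat is limited to include/net), so the following is inferred: since the id is not kernel-assigned, any lookup through `nft_trans_rule_id()` presumably also has to confirm that the transaction belongs to the same table and chain as the request, and has to distinguish an absent attribute from an id of 0. `struct nft_trans_set` continues outside the hunk.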