summaryrefslogtreecommitdiff
path: root/net/bridge/br_private.h
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2010-07-02 11:32:57 +0400
committerPatrick McHardy <kaber@trash.net>2010-07-02 11:32:57 +0400
commit4df53d8bab65cf2c18daebd51a5a4847e03f1943 (patch)
treef776c088d9d525672eac2e95ef1d183e52d88837 /net/bridge/br_private.h
parent7eb9282cd0efac08b8377cbd5037ba297c77e3f7 (diff)
downloadlinux-4df53d8bab65cf2c18daebd51a5a4847e03f1943.tar.xz
bridge: add per bridge device controls for invoking iptables
Support more fine grained control of bridge netfilter iptables invocation by adding seperate brnf_call_*tables parameters for each device using the sysfs interface. Packets are passed to layer 3 netfilter when either the global parameter or the per bridge parameter is enabled. Acked-by: Stephen Hemminger <shemminger@vyatta.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge/br_private.h')
-rw-r--r--net/bridge/br_private.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index c83519b555bb..7484065da303 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -164,6 +164,9 @@ struct net_bridge
unsigned long feature_mask;
#ifdef CONFIG_BRIDGE_NETFILTER
struct rtable fake_rtable;
+ bool nf_call_iptables;
+ bool nf_call_ip6tables;
+ bool nf_call_arptables;
#endif
unsigned long flags;
#define BR_SET_MAC_ADDR 0x00000001