diff options
| author | David S. Miller <davem@davemloft.net> | 2021-04-28 01:32:54 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2021-04-28 01:32:54 +0300 |
| commit | 0711459095bc9ddb5a0086146d2751e6d5412cbf (patch) | |
| tree | 0cf911953df3ca12f637f87ee7abcc8c01f8afb1 /include/net | |
| parent | 69e16d01d1de4f1249869de342915f608feb55d5 (diff) | |
| parent | 7acc0bb490c85012bcbda142b6755fd1fdf1fba1 (diff) | |
| download | linux-0711459095bc9ddb5a0086146d2751e6d5412cbf.tar.xz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
Netfilter updates for net-next
The following patchset contains Netfilter updates for net-next:
1) Add support for the catch-all set element. This special element
can be used to define a default action to be applied in case that
the set lookup returns no matching element.
2) Fix incorrect #ifdef dependencies in the nftables cgroupsv2
support, from Arnd Bergmann.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index eb708b77c4a5..27eeb613bb4e 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -497,6 +497,7 @@ struct nft_set { u8 dlen; u8 num_exprs; struct nft_expr *exprs[NFT_SET_EXPR_MAX]; + struct list_head catchall_list; unsigned char data[] __attribute__((aligned(__alignof__(u64)))); }; @@ -522,6 +523,10 @@ struct nft_set *nft_set_lookup_global(const struct net *net, const struct nlattr *nla_set_id, u8 genmask); +struct nft_set_ext *nft_set_catchall_lookup(const struct net *net, + const struct nft_set *set); +void *nft_set_catchall_gc(const struct nft_set *set); + static inline unsigned long nft_set_gc_interval(const struct nft_set *set) { return set->gc_int ? msecs_to_jiffies(set->gc_int) : HZ; |