netfilter: nf_tables: support for multiple devices per netdev hook

This patch allows you to register one netdev basechain to multiple devices. This adds a new NFTA_HOOK_DEVS netlink attribute to specify the list of netdevices. Basechains store a list of hooks. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2019-10-16 14:30:05 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-10-23 13:01:34 +0200
commit: d54725cd11a57c30f650260cfb0a92c268bdc3e0 (patch)
tree: 50cd422f3306ee78c355c0f0e0a4d45a9168eddc /include/net/netfilter/nf_tables.h
parent: bbaef955af6efa6a9090b86430e452086d8fce02 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 3d71070e747a..5bf569e1173b 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -973,21 +973,21 @@ struct nft_hook {
  *	struct nft_base_chain - nf_tables base chain
  *
  *	@ops: netfilter hook ops
+ *	@hook_list: list of netfilter hooks (for NFPROTO_NETDEV family)
  *	@type: chain type
  *	@policy: default policy
  *	@stats: per-cpu chain stats
  *	@chain: the chain
- *	@dev_name: device name that this base chain is attached to (if any)
  *	@flow_block: flow block (for hardware offload)
  */
 struct nft_base_chain {
 	struct nf_hook_ops		ops;
+	struct list_head		hook_list;
 	const struct nft_chain_type	*type;
 	u8				policy;
 	u8				flags;
 	struct nft_stats __percpu	*stats;
 	struct nft_chain		chain;
-	char 				dev_name[IFNAMSIZ];
 	struct flow_block		flow_block;
 };
author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-10-16 14:30:05 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-10-23 13:01:34 +0200
commit	d54725cd11a57c30f650260cfb0a92c268bdc3e0 (patch)
tree	50cd422f3306ee78c355c0f0e0a4d45a9168eddc /include/net/netfilter/nf_tables.h
parent	bbaef955af6efa6a9090b86430e452086d8fce02 (diff)