[Devel] [PATCH rh7 v8 1/2] net/netfilter: add a mark to distinguish nft ops
Konstantin Khorenko
khorenko at virtuozzo.com
Tue May 12 14:50:18 MSK 2020
We need to distinguish nft chain from other chains in
nf_nat_ipv{4,6}_fn(). Let's use a RedHat reserved field in
struct nf_hook_ops for that.
Will be used by the next patch.
https://jira.sw.ru/browse/PSBM-102728
https://jira.sw.ru/browse/PSBM-103746
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
include/linux/netfilter.h | 2 +-
net/netfilter/nf_tables_api.c | 1 +
net/netfilter/x_tables.c | 2 ++
3 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index aeaffff37e1b5..20ec69caecb5e 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -109,7 +109,7 @@ struct nf_hook_ops {
unsigned long __rht_reserved2;
unsigned long __rht_reserved3;
unsigned long __rht_reserved4;
- unsigned long __rht_reserved5;
+ unsigned long is_nft_ops;
};
struct nf_sockopt_ops {
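Review bot: the renamed field `is_nft_ops` at the end of `struct nf_hook_ops` carries no comment, so the header does not say who sets it, who reads it, or which values are valid. It takes over the `__rht_reserved5` slot and keeps the `unsigned long` type, which leaves the struct size unchanged, but that intent is only implied. Please add a one-line comment on the field stating that it is nonzero only for ops registered by nf_tables and is meant to be read in nf_nat_ipv{4,6}_fn(), and note in the log that a reserved slot has been consumed.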
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c52f69b75c857..4692c364e69c7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1457,6 +1457,7 @@ static int nf_tables_newchain(struct net *net, struct sock *nlsk,
ops->hooknum = hook.num;
ops->priority = hook.priority;
ops->priv = chain;
+ ops->is_nft_ops = 1;
ops->hook = afi->hooks[ops->hooknum];
if (hookfn)
ops->hook = hookfn;
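Review bot: `ops->is_nft_ops = 1;` is set directly after `ops->priv = chain;`, while the x_tables.c hunk of this patch sets `priv = NULL` together with `is_nft_ops = 0`, so in the lines shown the two fields always carry the same information. Either explain in the commit message why a non-NULL `priv` is not a sufficient test for the reader in nf_nat_ipv{4,6}_fn(), or keep only one of the two markers. If the flag stays, a short comment at this assignment naming the consumer would help, since the code that reads it only arrives in the next patch.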
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 2131197bbf244..1ffa1add7151e 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1618,6 +1618,8 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
ops[i].pf = table->af;
ops[i].hooknum = hooknum;
ops[i].priority = table->priority;
+ ops[i].priv = NULL;
+ ops[i].is_nft_ops = 0;
++i;
}
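Review bot: the added `ops[i].priv = NULL;` in the loop body is a change the commit message does not mention, since the log describes only the new mark. Please explain it in the log or split it into its own patch. Clearing both fields by hand also suggests the `ops` array is not zeroed when it is allocated; if that is the case, zero-initialising the allocation would cover `priv`, `is_nft_ops` and the remaining `__rht_reserved` slots in one place, and would avoid a stale value if another reserved field is repurposed later.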
--
2.15.1