[Devel] [PATCH RHEL7 COMMIT] net/netfilter: add a mark to distinguish nft ops

Konstantin Khorenko khorenko at virtuozzo.com
Tue May 12 15:04:00 MSK 2020


The commit is pushed to "branch-rh7-3.10.0-1127.vz7.150.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1127.vz7.150.9
------>
commit b7b4574051b17f0963f97dbcc0266a268cbd2db0
Author: Konstantin Khorenko <khorenko at virtuozzo.com>
Date:   Tue May 12 15:03:59 2020 +0300

    net/netfilter: add a mark to distinguish nft ops
    
    We need to distinguish nft chain from other chains in
    nf_nat_ipv{4,6}_fn(). Let's use a RedHat reserved field in
    struct nf_hook_ops for that.
    
    Will be used by the next patch.
    
    https://jira.sw.ru/browse/PSBM-102728
    https://jira.sw.ru/browse/PSBM-103746
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 include/linux/netfilter.h     | 2 +-
 net/netfilter/nf_tables_api.c | 1 +
 net/netfilter/x_tables.c      | 2 ++
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index aeaffff37e1b5..20ec69caecb5e 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -109,7 +109,7 @@ struct nf_hook_ops {
 	unsigned long	__rht_reserved2;
 	unsigned long	__rht_reserved3;
 	unsigned long	__rht_reserved4;
-	unsigned long	__rht_reserved5;
+	unsigned long	is_nft_ops;
 };
 
 struct nf_sockopt_ops {
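Review bot: The renamed field `is_nft_ops` has no comment stating its contract, although it takes over the last `__rht_reserved` slot and is declared `unsigned long` while being used as a flag. Per the commit message a later patch will branch on it in nf_nat_ipv{4,6}_fn(), so a stale non-zero value in an ops structure that did not come from nf_tables would presumably be misclassified there. I would add `/* non-zero only for hooks registered by nf_tables; every other producer must leave this 0 */` above the field. Statically defined ops get zero here implicitly, but dynamically allocated ones only if the allocator zeroes them, which is worth stating in the same comment. The struct definition starts outside the hunk.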
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index c52f69b75c857..4692c364e69c7 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1457,6 +1457,7 @@ static int nf_tables_newchain(struct net *net, struct sock *nlsk,
 			ops->hooknum	= hook.num;
 			ops->priority	= hook.priority;
 			ops->priv	= chain;
+			ops->is_nft_ops = 1;
 			ops->hook	= afi->hooks[ops->hooknum];
 			if (hookfn)
 				ops->hook = hookfn;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 2131197bbf244..1ffa1add7151e 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1618,6 +1618,8 @@ struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
 		ops[i].pf       = table->af;
 		ops[i].hooknum  = hooknum;
 		ops[i].priority = table->priority;
+		ops[i].priv	= NULL;
+		ops[i].is_nft_ops = 0;
 		++i;
 	}
 
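Review bot: Setting `priv` and `is_nft_ops` by hand in this loop suggests the `ops` array is not zeroed when it is allocated, which would leave the remaining `__rht_reserved` slots holding uninitialised heap data; the allocation is outside the hunk, so this is inferred. Zeroing the whole array at allocation, for example with `kcalloc()` instead of a non-zeroing allocator, would cover these two fields and any reserved slot that is repurposed later. Other code that builds `struct nf_hook_ops` dynamically is not visible here and may need the same treatment before the flag is relied on. Minor: the added `priv` line aligns with a tab where the neighbouring assignments use spaces.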

