git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 7 Oct 2020 23:14:48 +0000 (01:14 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sun, 11 Oct 2020 23:57:34 +0000 (01:57 +0200)
commit	d3519cb89f6d5949481afa5de3ee0fc6a051e231
tree	4d7c09995972f512f85ba4b2ab302dd2986c1456	tree
parent	60a3815da702fd9e4759945f26cce5c47d3967ad	commit \| diff

netfilter: nf_tables: add inet ingress support

This patch adds a new ingress hook for the inet family. The inet ingress
hook emulates the IP receive path code, therefore, unclean packets are
drop before walking over the ruleset in this basechain.

This patch also introduces the nft_base_chain_netdev() helper function
to check if this hook is bound to one or more devices (through the hook
list infrastructure). This check allows to perform the same handling for
the inet ingress as it would be a netdev ingress chain from the control
plane.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| blame \| history
include/net/netfilter/nf_tables_ipv4.h		diff \| blob \| blame \| history
include/net/netfilter/nf_tables_ipv6.h		diff \| blob \| blame \| history
net/netfilter/nf_tables_api.c		diff \| blob \| blame \| history
net/netfilter/nft_chain_filter.c		diff \| blob \| blame \| history