Eric Leblond <eric@xxxxxxxxx> wrote:
> This patch adds a new nft module named "nft_queue" which is a
> nftables target sending packet to nfnetlink_queue subsystem. It has
> the same level of functionnality as is iptables ancestor and share
> some code with it.
> +static u32 jhash_initval __read_mostly;
Consider adding something like
> +static int nft_queue_init(const struct nft_ctx *ctx,
> + const struct nft_expr *expr,
> + const struct nlattr * const tb[])
> +{
> + struct nft_queue *priv = nft_expr_priv(expr);
while (jhash_initval == 0)
jhash_initval = prandom_u32();
Other than this, it looks good to me.
Thanks for spending time on this!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
