On 5/13/15 9:19 AM, Pablo Neira Ayuso wrote:
This patch adds the Netfilter ingress hook just after the existing tc ingress hook, that seems to be the consensus solution for this.
Looks good to me.
Acked-by: Alexei Starovoitov <ast@xxxxxxxxxxxx>
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h index 2b39235..6c256f8 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1659,6 +1659,9 @@ struct net_device { struct tcf_proto __rcu *ingress_cl_list; #endif struct netdev_queue __rcu *ingress_queue; +#ifdef CONFIG_NETFILTER_INGRESS + struct list_head nf_hooks_ingress; +#endif
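Review bot: the new nf_hooks_ingress member in struct net_device is added without a comment, and the quoted part of the patch does not show where this list head is initialized. A list_head has to be set up with INIT_LIST_HEAD before anything walks it, so the patch should make it easy to see that this happens before the device can receive packets. A one-line description next to the field would also help. Putting it after ingress_queue under its own #ifdef CONFIG_NETFILTER_INGRESS matches how the neighbouring ingress fields are laid out.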
...
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index f70e34a..db1c674 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig @@ -1,6 +1,13 @@ menu "Core Netfilter Configuration" depends on NET && INET && NETFILTER +config NETFILTER_INGRESS + bool "Netfilter ingress support" + select NET_INGRESS + help + This allows you to classify packets from ingress using the Netfilter + infrastructure. +
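Review bot: the help text of the new NETFILTER_INGRESS entry does not say what to answer or what enabling it pulls in. The option is a bool with no default line and carries "select NET_INGRESS", so answering Y also turns on NET_INGRESS without the user being told. Suggest that the help text mention this, state that the hook runs just after the tc ingress hook as the commit message says, and close with an "If unsure, say ..." hint.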
should be some default hint as well? not sure why you want to do it under another config flag. Just makes it harder to test all config combinations. I think under global CONFIG_NETFILTER it would be fine as well.