NFPROTO_INET only works for nf_tables, handle this pseudofamily from the core itself by expanding one NFPROTO_INET hook in two hook registrations, one for NFPROTO_IPV4 and another for NFPROTO_IPV6. This removes quite a bit of ad-hoc infrastructure in nf_tables, so it makes it less complex. There's a final patch that also removes the family-specific hooks for filter chains, now all hooks are already define in the chain type. Pablo Neira Ayuso (7): netfilter: core: add nf_remove_net_hook netfilter: core: pass hook number, family and device to nf_find_hook_list() netfilter: core: pass family as parameter to nf_remove_net_hook() netfilter: core: support for NFPROTO_INET hook registration netfilter: nf_tables_inet: don't use multihook infrastructure anymore netfilter: nf_tables: remove multihook chains and families netfilter: nf_tables: remove hooks from family definition include/net/netfilter/nf_tables.h | 13 +--- include/net/netfilter/nf_tables_ipv4.h | 2 - include/net/netfilter/nf_tables_ipv6.h | 2 - net/bridge/netfilter/nf_tables_bridge.c | 15 +++-- net/ipv4/netfilter/nf_tables_arp.c | 9 ++- net/ipv4/netfilter/nf_tables_ipv4.c | 18 +++--- net/ipv6/netfilter/nf_tables_ipv6.c | 18 +++--- net/netfilter/core.c | 97 ++++++++++++++++++++---------- net/netfilter/nf_tables_api.c | 102 +++++++++++++------------------- net/netfilter/nf_tables_inet.c | 69 +++++++++++++++++---- net/netfilter/nf_tables_netdev.c | 9 ++- net/netfilter/nft_compat.c | 8 +-- 12 files changed, 202 insertions(+), 160 deletions(-) -- 2.11.0 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
