Re: [PATCH nf-next] netfilter_bridge: uapi: Expose nf_tables bridge hook priorities

On Fri, Aug 03, 2018 at 01:36:13PM +0200, Máté Eckl wrote:
> Netfilter exposes standard hook priorities in case of ipv4, ipv6 and
> arp but not in case of bridge.
> 
> This patch exposes the hook priority values of the bridge family (which are
> different from the formerly mentioned) via uapi so that they can be used by
> user-space applications just like the others.

Applied, thanks.

One minor glitch, see below.

> Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx>
> ---
> The list of the modified files can be validated with the following
> command:
> 		find <kernel source dir> -name "*.[ch]" -exec grep --color -HnE \
> 		"(NF_BR_PRI_FIRST|NF_BR_PRI_NAT_DST_BRIDGED|NF_BR_PRI_FILTER_BRIDGED|NF_BR_PRI_BRNF|NF_BR_PRI_NAT_DST_OTHER|NF_BR_PRI_FILTER_OTHER|NF_BR_PRI_NAT_SRC|NF_BR_PRI_LAST)" \
> 		{} \; | cut -d ":" -f1 | uniq
> 
>  include/linux/netfilter_bridge.h      | 11 -----------
>  include/uapi/linux/netfilter_bridge.h | 11 +++++++++++
>  net/bridge/br_netfilter_hooks.c       |  1 +
>  net/bridge/netfilter/ebtable_filter.c |  1 +
>  net/bridge/netfilter/ebtable_nat.c    |  1 +
>  5 files changed, 14 insertions(+), 11 deletions(-)
> 
> diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
> index b671fdfd212b..fa0686500970 100644
> --- a/include/linux/netfilter_bridge.h
> +++ b/include/linux/netfilter_bridge.h
> @@ -5,17 +5,6 @@
>  #include <uapi/linux/netfilter_bridge.h>
>  #include <linux/skbuff.h>
>  
> -enum nf_br_hook_priorities {
> -	NF_BR_PRI_FIRST = INT_MIN,
> -	NF_BR_PRI_NAT_DST_BRIDGED = -300,
> -	NF_BR_PRI_FILTER_BRIDGED = -200,
> -	NF_BR_PRI_BRNF = 0,
> -	NF_BR_PRI_NAT_DST_OTHER = 100,
> -	NF_BR_PRI_FILTER_OTHER = 200,
> -	NF_BR_PRI_NAT_SRC = 300,
> -	NF_BR_PRI_LAST = INT_MAX,
> -};
> -
>  #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
>  
>  int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb);
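Review bot: the commit message does not say how in-kernel users keep seeing the enum removed in this hunk. They now get it only through the `#include <uapi/linux/netfilter_bridge.h>` context line at the top of the hunk, so any file that used the NF_BR_PRI_* names without including this header needs its own include. The diffstat lists one-line additions to three .c files under net/bridge/ whose hunks are not quoted here; a sentence in the changelog tying those additions to this removal would make the change easier to audit.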
> diff --git a/include/uapi/linux/netfilter_bridge.h b/include/uapi/linux/netfilter_bridge.h
> index 12fb77633f83..156ccd089df1 100644
> --- a/include/uapi/linux/netfilter_bridge.h
> +++ b/include/uapi/linux/netfilter_bridge.h
> @@ -26,4 +26,15 @@
>  #define NF_BR_BROUTING		5
>  #define NF_BR_NUMHOOKS		6
>  
> +enum nf_br_hook_priorities {

I have renamed this to 'enum nf_br_hooks' to make it consistent with
'enum nf_inet_hooks' definition in uapi/linux/netfilter.h before
applying.

> +	NF_BR_PRI_FIRST = INT_MIN,
> +	NF_BR_PRI_NAT_DST_BRIDGED = -300,
> +	NF_BR_PRI_FILTER_BRIDGED = -200,
> +	NF_BR_PRI_BRNF = 0,
> +	NF_BR_PRI_NAT_DST_OTHER = 100,
> +	NF_BR_PRI_FILTER_OTHER = 200,
> +	NF_BR_PRI_NAT_SRC = 300,
> +	NF_BR_PRI_LAST = INT_MAX,
> +};
> +
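Review bot: `NF_BR_PRI_FIRST = INT_MIN` and `NF_BR_PRI_LAST = INT_MAX` in the added enum need the limits macros, and this hunk adds no include for them to the uapi header. A user-space program that includes linux/netfilter_bridge.h without having pulled in limits.h itself would fail to compile on those two enumerators. Suggest guarding an include for user-space builds near the top of the file, `#ifndef __KERNEL__`, `#include <limits.h> /* for INT_MIN, INT_MAX */`, `#endif`, unless the part of the header not shown in this hunk already provides it. Since these values become ABI once exported, a short comment above the enum stating that they must not be renumbered would also help.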