v2: patch 2 needs to update nfnl_lockdep_names[] in nfnetlink.c.

First patch is a required dependency to allow to check when it's safe to
treat the 'priv' pointer as a nft base chain pointer.

Second patch adds a new nfnl subsystem to enable userspace to dump the
active hooks to userspace.

Previous patches added this to nf_tables instead, but technically this
isn't related to nf_tables.

Using a new nfnl subsys allows to extend this later, e.g. to send out
notifications, e.g. when a new base hook is registered.

Florian Westphal (2):
  netfilter: annotate nf_tables base hook ops
  netfilter: add new hook nfnl subsystem

 include/linux/netfilter.h                     |   8 +-
 include/uapi/linux/netfilter/nfnetlink.h      |   3 +-
 include/uapi/linux/netfilter/nfnetlink_hook.h |  54 +++
 net/netfilter/Kconfig                         |   9 +
 net/netfilter/Makefile                        |   1 +
 net/netfilter/nf_tables_api.c                 |   4 +-
 net/netfilter/nfnetlink.c                     |   1 +
 net/netfilter/nfnetlink_hook.c                | 375 ++++++++++++++++++
 8 files changed, 452 insertions(+), 3 deletions(-)
 create mode 100644 include/uapi/linux/netfilter/nfnetlink_hook.h
 create mode 100644 net/netfilter/nfnetlink_hook.c

-- 
2.26.3