netfilter: nf_tables: support different set binding types
authorPatrick McHardy <kaber@trash.net>
Sun, 5 Apr 2015 12:41:07 +0000 (14:41 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 8 Apr 2015 14:58:27 +0000 (16:58 +0200)
commit11113e190bf0ad73086884f87efccc994ff28b3d
tree295a3f9b12f40b61b2a1f3305fabab5f85a42ba8
parent3dd0673ac3cd7d05cde103396ec7ec410a901de2
netfilter: nf_tables: support different set binding types

Currently a set binding is assumed to be related to a lookup and, in
case of maps, a data load.

In order to use bindings for set updates, the loop detection checks
must be restricted to map operations only. Add a flags member to the
binding struct to hold the set "action" flags such as NFT_SET_MAP,
and perform loop detection based on these.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_tables.h
net/netfilter/nf_tables_api.c
net/netfilter/nft_lookup.c