diff options
author | David S. Miller <davem@davemloft.net> | 2015-05-31 09:02:30 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-05-31 09:02:30 +0200 |
commit | 583d3f5af2a6dfa7866715d9e062dbfb3b66a6f0 (patch) | |
tree | 77e7c8514031b67d74bb5ce415074dd098b108ac /net/ipv4 | |
parent | Merge branch 'systemport-next' (diff) | |
parent | netfilter: nf_tables: add netdev table to filter from ingress (diff) | |
download | linux-583d3f5af2a6dfa7866715d9e062dbfb3b66a6f0.tar.xz linux-583d3f5af2a6dfa7866715d9e062dbfb3b66a6f0.zip |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
Pablo Neira Ayuso says:
====================
Netfilter updates for net-next
The following patchset contains Netfilter updates for net-next, they are:
1) default CONFIG_NETFILTER_INGRESS to y for easier compile-testing of all
options.
2) Allow to bind a table to net_device. This introduces the internal
NFT_AF_NEEDS_DEV flag to perform a mandatory check for this binding.
This is required by the next patch.
3) Add the 'netdev' table family, this new table allows you to create ingress
filter basechains. This provides access to the existing nf_tables features
from ingress.
4) Kill unused argument from compat_find_calc_{match,target} in ip_tables
and ip6_tables, from Florian Westphal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 2d0e265fef6e..e7abf5145edc 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1444,7 +1444,6 @@ static int compat_find_calc_match(struct xt_entry_match *m, const char *name, const struct ipt_ip *ip, - unsigned int hookmask, int *size) { struct xt_match *match; @@ -1513,8 +1512,7 @@ check_compat_entry_size_and_hooks(struct compat_ipt_entry *e, entry_offset = (void *)e - (void *)base; j = 0; xt_ematch_foreach(ematch, e) { - ret = compat_find_calc_match(ematch, name, - &e->ip, e->comefrom, &off); + ret = compat_find_calc_match(ematch, name, &e->ip, &off); if (ret != 0) goto release_matches; ++j; |