netfilter: bridge: Expose nf_tables bridge hook priorities through uapi

author Máté Eckl <ecklm94@gmail.com>

Fri, 3 Aug 2018 11:36:13 +0000 (13:36 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Fri, 3 Aug 2018 19:15:09 +0000 (21:15 +0200)
author Máté Eckl <ecklm94@gmail.com>
Fri, 3 Aug 2018 11:36:13 +0000 (13:36 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 3 Aug 2018 19:15:09 +0000 (21:15 +0200)
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h

index b671fdfd212b49c74d8768575531df8ed3a867d4..fa06865009702f6cba4d763d1c05699b35e08e5b 100644 (file)
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -5,17 +5,6 @@
  #include <uapi/linux/netfilter_bridge.h>
  #include <linux/skbuff.h>
  
-enum nf_br_hook_priorities {
-       NF_BR_PRI_FIRST = INT_MIN,
-       NF_BR_PRI_NAT_DST_BRIDGED = -300,
-       NF_BR_PRI_FILTER_BRIDGED = -200,
-       NF_BR_PRI_BRNF = 0,
-       NF_BR_PRI_NAT_DST_OTHER = 100,
-       NF_BR_PRI_FILTER_OTHER = 200,
-       NF_BR_PRI_NAT_SRC = 300,
-       NF_BR_PRI_LAST = INT_MAX,
-};
-
  #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
  
  int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb);
diff --git a/include/uapi/linux/netfilter_bridge.h b/include/uapi/linux/netfilter_bridge.h

index 12fb77633f83c9bfe0c816d0b9d1ee846f648a87..156ccd089df184853c180a240bfaaaa27774a4fe 100644 (file)
--- a/include/uapi/linux/netfilter_bridge.h
+++ b/include/uapi/linux/netfilter_bridge.h
@@ -26,4 +26,15 @@
  #define NF_BR_BROUTING         5
  #define NF_BR_NUMHOOKS         6
  
+enum nf_br_hook_priorities {
+       NF_BR_PRI_FIRST = INT_MIN,
+       NF_BR_PRI_NAT_DST_BRIDGED = -300,
+       NF_BR_PRI_FILTER_BRIDGED = -200,
+       NF_BR_PRI_BRNF = 0,
+       NF_BR_PRI_NAT_DST_OTHER = 100,
+       NF_BR_PRI_FILTER_OTHER = 200,
+       NF_BR_PRI_NAT_SRC = 300,
+       NF_BR_PRI_LAST = INT_MAX,
+};
+
  #endif /* _UAPI__LINUX_BRIDGE_NETFILTER_H */
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c

index 9b16eaf3381960def1d938d2977e6c967a02c72a..6e0dc6bcd32af7e056e3006fdc0a483aaf4771d1 100644 (file)
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -26,6 +26,7 @@
  #include <linux/if_pppox.h>
  #include <linux/ppp_defs.h>
  #include <linux/netfilter_bridge.h>
+#include <uapi/linux/netfilter_bridge.h>
  #include <linux/netfilter_ipv4.h>
  #include <linux/netfilter_ipv6.h>
  #include <linux/netfilter_arp.h>
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c

index c41da5fac84f49a9cf5e58eaab88b3beb2d81fba..550324c516ee345b4fb669d4166e7d5abf457c82 100644 (file)
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -9,6 +9,7 @@
   */
  
  #include <linux/netfilter_bridge/ebtables.h>
+#include <uapi/linux/netfilter_bridge.h>
  #include <linux/module.h>
  
  #define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c

index 08df7406ecb3835a664a695a239d73f62eeaf457..c0fb3ca518af85e551a52dd301370c922594105d 100644 (file)
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -9,6 +9,7 @@
   */
  
  #include <linux/netfilter_bridge/ebtables.h>
+#include <uapi/linux/netfilter_bridge.h>
  #include <linux/module.h>
  
  #define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \
author	Máté Eckl <ecklm94@gmail.com>
	Fri, 3 Aug 2018 11:36:13 +0000 (13:36 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 3 Aug 2018 19:15:09 +0000 (21:15 +0200)
include/linux/netfilter_bridge.h		patch \| blob \| history
include/uapi/linux/netfilter_bridge.h		patch \| blob \| history
net/bridge/br_netfilter_hooks.c		patch \| blob \| history
net/bridge/netfilter/ebtable_filter.c		patch \| blob \| history
net/bridge/netfilter/ebtable_nat.c		patch \| blob \| history