26888dfd7e
since commit 960632ece6 ("netfilter: convert hook list to an array")
nfqueue no longer stores a pointer to the hook that caused the packet
to be queued. Therefore no extra synchronize_net() call is needed after
dropping the packets enqueued by the old rule blob.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
19 lines
448 B
C
19 lines
448 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _NF_INTERNALS_H
|
|
#define _NF_INTERNALS_H
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/netdevice.h>
|
|
|
|
/* nf_queue.c */
|
|
int nf_queue(struct sk_buff *skb, struct nf_hook_state *state,
|
|
const struct nf_hook_entries *entries, unsigned int index,
|
|
unsigned int verdict);
|
|
void nf_queue_nf_hook_drop(struct net *net);
|
|
|
|
/* nf_log.c */
|
|
int __init netfilter_log_init(void);
|
|
|
|
#endif
|