diff mbox

[4/5] netfilter: nft_reject: split up reject module into IPv4 and IPv6 specifc parts

Message ID 20140205232657.GD5674@localhost
State Accepted
Headers show

Commit Message

Pablo Neira Ayuso Feb. 5, 2014, 11:26 p.m. UTC 
On Wed, Feb 05, 2014 at 03:03:38PM +0000, Patrick McHardy wrote:
> Currently the nft_reject module depends on symbols from ipv6. This is
> wrong since no generic module should force IPv6 support to be loaded.
> Split up the module into AF-specific and a generic part.

Applied, thanks. I have included this chunk which was missing:

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Comments

Patrick McHardy Feb. 6, 2014, 4:53 a.m. UTC | #1 
On Thu, Feb 06, 2014 at 12:26:57AM +0100, Pablo Neira Ayuso wrote:
> On Wed, Feb 05, 2014 at 03:03:38PM +0000, Patrick McHardy wrote:
> > Currently the nft_reject module depends on symbols from ipv6. This is
> > wrong since no generic module should force IPv6 support to be loaded.
> > Split up the module into AF-specific and a generic part.
> 
> Applied, thanks. I have included this chunk which was missing:

Oops, sorry.

> 
> --- /dev/null
> +++ b/include/net/netfilter/nft_reject.h
> @@ -0,0 +1,18 @@
> +#ifndef _NFT_REJECT_H_
> +#define _NFT_REJECT_H_
> +
> +struct nft_reject {
> +       enum nft_reject_types   type:8;
> +       u8                      icmp_code;
> +       u8                      family;

Family is actually not needed anymore.

> +};
> +
> +extern const struct nla_policy nft_reject_policy[];
> +
> +int nft_reject_init(const struct nft_ctx *ctx,
> +                   const struct nft_expr *expr,
> +                   const struct nlattr * const tb[]);
> +
> +int nft_reject_dump(struct sk_buff *skb, const struct nft_expr *expr);
> +
> +#endif
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso Feb. 6, 2014, 8:46 a.m. UTC | #2 
On Thu, Feb 06, 2014 at 04:53:08AM +0000, Patrick McHardy wrote:
> On Thu, Feb 06, 2014 at 12:26:57AM +0100, Pablo Neira Ayuso wrote:
> > On Wed, Feb 05, 2014 at 03:03:38PM +0000, Patrick McHardy wrote:
> > > Currently the nft_reject module depends on symbols from ipv6. This is
> > > wrong since no generic module should force IPv6 support to be loaded.
> > > Split up the module into AF-specific and a generic part.
> > 
> > Applied, thanks. I have included this chunk which was missing:
> 
> Oops, sorry.
> 
> > 
> > --- /dev/null
> > +++ b/include/net/netfilter/nft_reject.h
> > @@ -0,0 +1,18 @@
> > +#ifndef _NFT_REJECT_H_
> > +#define _NFT_REJECT_H_
> > +
> > +struct nft_reject {
> > +       enum nft_reject_types   type:8;
> > +       u8                      icmp_code;
> > +       u8                      family;
> 
> Family is actually not needed anymore.

Removed, thanks. Will push this shortly.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

--- /dev/null
+++ b/include/net/netfilter/nft_reject.h
@@ -0,0 +1,18 @@ 
+#ifndef _NFT_REJECT_H_
+#define _NFT_REJECT_H_
+
+struct nft_reject {
+       enum nft_reject_types   type:8;
+       u8                      icmp_code;
+       u8                      family;
+};
+
+extern const struct nla_policy nft_reject_policy[];
+
+int nft_reject_init(const struct nft_ctx *ctx,
+                   const struct nft_expr *expr,
+                   const struct nlattr * const tb[]);
+
+int nft_reject_dump(struct sk_buff *skb, const struct nft_expr *expr);
+
+#endif