netfilter: nf_tables: add netdev table to filter from ingress

This allows us to create netdev tables that contain ingress chains. Use
skb_header_pointer() as we may see shared sk_buffs at this stage.

This change provides access to the existing nf_tables features from the ingress
hook.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
index eee608b..c807811 100644 (file)
--- a/include/net/netns/nftables.h
+++ b/include/net/netns/nftables.h
@@ -13,6 +13,7 @@ struct netns_nftables {
        struct nft_af_info      *inet;
        struct nft_af_info      *arp;
        struct nft_af_info      *bridge;
+       struct nft_af_info      *netdev;
        unsigned int            base_seq;
        u8                      gencursor;
 };

diff --cc net/netfilter/Kconfig
Simple merge

diff --cc net/netfilter/Makefile
Simple merge

diff --cc net/netfilter/nf_tables_netdev.c
Simple merge