git.ipfire.org Git - thirdparty/iptables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 11 Jul 2023 20:06:44 +0000 (22:06 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 12 Jul 2023 14:17:16 +0000 (16:17 +0200)
commit	4e95200ded923f0eb5579c33b91176193c59dbe0
tree	8b83c9ab49e2b1840c1818e68b08a1a1f220e283	tree \| snapshot
parent	82ccfb488eeac5507471099b9b4e6d136cc06e3b	commit \| diff

nft-bridge: pass context structure to ops->add() to improve anonymous set support

Add context structure to improve bridge among support which creates an
anonymous set. This context structure specifies the command and it
allows to optionally store a anonymous set.

Use this context to generate native bytecode only if this is an
add/insert/replace command.

This fixes a dangling anonymous set that is created on rule removal.

Fixes: 26753888720d ("nft: bridge: Rudimental among extension support")
Reported-and-tested-by: Igor Raits <igor@gooddata.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

iptables/nft-arp.c		diff \| blob \| blame \| history
iptables/nft-bridge.c		diff \| blob \| blame \| history
iptables/nft-cmd.c		diff \| blob \| blame \| history
iptables/nft-ipv4.c		diff \| blob \| blame \| history
iptables/nft-ipv6.c		diff \| blob \| blame \| history
iptables/nft-shared.h		diff \| blob \| blame \| history
iptables/nft.c		diff \| blob \| blame \| history
iptables/nft.h		diff \| blob \| blame \| history