git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 28 Apr 2026 15:35:18 +0000 (17:35 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 30 Apr 2026 06:03:22 +0000 (08:03 +0200)
commit	6813985ca456d1f5677ad9554f55805cbf27e16f
tree	4db5ae47db569140c93bc8f754bed60e6a58d9e9	tree \| snapshot
parent	1d47b55b36d2ec73fe6901212c8b28a593c3b27c	commit \| diff

netfilter: x_tables: add .check_hooks to matches and targets

Add a new .check_hooks interface for checking if the match/target is
used from the validate hook according to its configuration.

Move existing conditional hook check based on the match/target
configuration from .checkentry to .check_hooks for the following
matches/targets:

- addrtype
- devgroup
- physdev
- policy
- set
- TCPMSS
- SET

This is a preparation patch to fix nft_compat, not functional changes
are intended.

Based on patch from Florian Westphal.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/netfilter/x_tables.h		diff \| blob \| blame \| history
net/netfilter/x_tables.c		diff \| blob \| blame \| history
net/netfilter/xt_TCPMSS.c		diff \| blob \| blame \| history
net/netfilter/xt_addrtype.c		diff \| blob \| blame \| history
net/netfilter/xt_devgroup.c		diff \| blob \| blame \| history
net/netfilter/xt_physdev.c		diff \| blob \| blame \| history
net/netfilter/xt_policy.c		diff \| blob \| blame \| history
net/netfilter/xt_set.c		diff \| blob \| blame \| history