diff options
| author | Patrick McHardy <kaber@trash.net> | 2010-07-02 03:32:57 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-07-02 03:32:57 -0400 |
| commit | 4df53d8bab65cf2c18daebd51a5a4847e03f1943 (patch) | |
| tree | f776c088d9d525672eac2e95ef1d183e52d88837 /net/bridge/br_private.h | |
| parent | 7eb9282cd0efac08b8377cbd5037ba297c77e3f7 (diff) | |
bridge: add per bridge device controls for invoking iptables
Support more fine grained control of bridge netfilter iptables invocation
by adding seperate brnf_call_*tables parameters for each device using the
sysfs interface. Packets are passed to layer 3 netfilter when either the
global parameter or the per bridge parameter is enabled.
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge/br_private.h')
| -rw-r--r-- | net/bridge/br_private.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index c83519b555bb..7484065da303 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h | |||
| @@ -164,6 +164,9 @@ struct net_bridge | |||
| 164 | unsigned long feature_mask; | 164 | unsigned long feature_mask; |
| 165 | #ifdef CONFIG_BRIDGE_NETFILTER | 165 | #ifdef CONFIG_BRIDGE_NETFILTER |
| 166 | struct rtable fake_rtable; | 166 | struct rtable fake_rtable; |
| 167 | bool nf_call_iptables; | ||
| 168 | bool nf_call_ip6tables; | ||
| 169 | bool nf_call_arptables; | ||
| 167 | #endif | 170 | #endif |
| 168 | unsigned long flags; | 171 | unsigned long flags; |
| 169 | #define BR_SET_MAC_ADDR 0x00000001 | 172 | #define BR_SET_MAC_ADDR 0x00000001 |