www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Phil Sutter <phil@nwl.cc>
	Wed, 21 May 2025 20:44:32 +0000 (22:44 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 23 May 2025 11:57:14 +0000 (13:57 +0200)
commit	6d07a289504a246aa97cdac0fec61a15834801b7
tree	f3c94e58190890a65faa49e3913c3d857e10178a	tree
parent	6f670935b4703af1ef58b2cba7faf2bd154cce39	commit \| diff

netfilter: nf_tables: Support wildcard netdev hook specs

User space may pass non-nul-terminated NFTA_DEVICE_NAME attribute values
to indicate a suffix wildcard.
Expect for multiple devices to match the given prefix in
nft_netdev_hook_alloc() and populate 'ops_list' with them all.
When checking for duplicate hooks, compare the shortest prefix so a
device may never match more than a single hook spec.
Finally respect the stored prefix length when hooking into new devices
from event handlers.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_chain_filter.c		diff \| blob \| history