diff options
author | Florian Westphal <fw@strlen.de> | 2017-04-19 18:14:04 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-04-26 09:30:21 +0200 |
commit | 1fefe14725c7cc7c720f9f8af2bc3bef13fd7d39 (patch) | |
tree | 0d3eee75eef102d294995a7ccca05bf7406c8c51 /include/net | |
parent | 122868b378094853b376f3e2ac833bcee078eb3c (diff) | |
download | linux-stable-1fefe14725c7cc7c720f9f8af2bc3bef13fd7d39.tar.gz linux-stable-1fefe14725c7cc7c720f9f8af2bc3bef13fd7d39.tar.bz2 linux-stable-1fefe14725c7cc7c720f9f8af2bc3bef13fd7d39.zip |
netfilter: synproxy: only register hooks when needed
Defer registration of the synproxy hooks until the first SYNPROXY rule is
added. Also means we only register hooks in namespaces that need it.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_conntrack_synproxy.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_synproxy.h b/include/net/netfilter/nf_conntrack_synproxy.h index b0ca402c1f72..a2fcb5271726 100644 --- a/include/net/netfilter/nf_conntrack_synproxy.h +++ b/include/net/netfilter/nf_conntrack_synproxy.h @@ -52,6 +52,8 @@ struct synproxy_stats { struct synproxy_net { struct nf_conn *tmpl; struct synproxy_stats __percpu *stats; + unsigned int hook_ref4; + unsigned int hook_ref6; }; extern unsigned int synproxy_net_id; |