netfilter: nf_tables: complete net namespace support Register family per netnamespace to ensure that sets are only visible in its approapriate namespace. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

commit: 99633ab29b2131b68089a6c7f60458390860e044 [log] [tgz]
author: Pablo Neira Ayuso <pablo@netfilter.org> Thu Oct 10 23:28:33 2013 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> Mon Oct 14 18:00:59 2013 +0200
tree: eb7e2ecd9ed875ed4d3a050b95ed3d77bbde762b
parent: eb31628e37a0a4e01fffd79dcc7f815d2357f53a [diff] [blame]
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index bcc4a8e..da68c9a 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h

@@ -22,6 +22,7 @@
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 #include <net/netns/conntrack.h>
 #endif
+#include <net/netns/nftables.h>
 #include <net/netns/xfrm.h>
 
 struct user_namespace;
@@ -101,6 +102,9 @@
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 	struct netns_ct		ct;
 #endif
+#if defined(CONFIG_NF_TABLES) || defined(CONFIG_NF_TABLES_MODULE)
+	struct netns_nftables	nft;
+#endif
 #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
 	struct netns_nf_frag	nf_frag;
 #endif
commit	99633ab29b2131b68089a6c7f60458390860e044	[log] [tgz]
author	Pablo Neira Ayuso <pablo@netfilter.org>	Thu Oct 10 23:28:33 2013 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	Mon Oct 14 18:00:59 2013 +0200
tree	eb7e2ecd9ed875ed4d3a050b95ed3d77bbde762b
parent	eb31628e37a0a4e01fffd79dcc7f815d2357f53a [diff] [blame]