netfilter: nf_tables: Stack expression type depending on their family
authorTomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Mon, 14 Apr 2014 12:41:26 +0000 (15:41 +0300)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 23 Apr 2014 11:51:05 +0000 (13:51 +0200)
To ensure family tight expression gets selected in priority to family
agnostic ones.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c

index 1c5e6335b2e3cae4774c0ac98205f1e28dece02e..1d0c174d30fc81ffa8f9eebd67c045af4a8b0cd8 100644 (file)
@@ -1093,7 +1093,10 @@ static void nft_ctx_init(struct nft_ctx *ctx,
 int nft_register_expr(struct nft_expr_type *type)
 {
        nfnl_lock(NFNL_SUBSYS_NFTABLES);
-       list_add_tail(&type->list, &nf_tables_expressions);
+       if (type->family == NFPROTO_UNSPEC)
+               list_add_tail(&type->list, &nf_tables_expressions);
+       else
+               list_add(&type->list, &nf_tables_expressions);
        nfnl_unlock(NFNL_SUBSYS_NFTABLES);
        return 0;
 }