[Devel,1/5] netfilter: ve_ipt_permitted() helper introduced

Submitted by Stanislav Kinsburskiy on July 21, 2017, 7:23 a.m.

Details

Message ID 20170721072313.15763.78187.stgit@localhost.localdomain
State New
Series "netfilter: rework iptables containerization"
Headers show

Commit Message

Stanislav Kinsburskiy July 21, 2017, 7:23 a.m.
Will be used for iptables availability initialization

Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
---
 include/linux/netfilter.h |    3 +++
 1 file changed, 3 insertions(+)

Patch hide | download patch | download mbox

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 98e53c8..f395cc3 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -410,6 +410,9 @@  DECLARE_PER_CPU(bool, nf_skb_duplicated);
 #ifdef CONFIG_VE_IPTABLES
 #include <linux/vziptable_defs.h>
 
+#define ve_ipt_permitted(netns, ipt)					\
+	(mask_ipt_allow(get_exec_env()->ipt_mask, ipt))
+
 #define net_ipt_permitted(netns, ipt)					\
 	(mask_ipt_allow((netns)->owner_ve->ipt_mask, ipt))