summaryrefslogtreecommitdiff
path: root/net/netfilter/xt_socket.c
diff options
context:
space:
mode:
authorJan Engelhardt <jengelh@medozas.de>2009-10-29 15:35:10 +0100
committerPatrick McHardy <kaber@trash.net>2009-10-29 15:35:10 +0100
commitaa3c487f355ff1477b8369d9f0b9860387ae21d4 (patch)
tree2732075d79318d46c629d56d14374c235896cc70 /net/netfilter/xt_socket.c
parented3f2e40f3d438f4a1ec0a898173116cb26f106a (diff)
netfilter: xt_socket: make module available for INPUT chain
This should make it possible to test for the existence of local sockets in the INPUT path. References: http://marc.info/?l=netfilter-devel&m=125380481517129&w=2 Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Balazs Scheidler <bazsi@balabit.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/xt_socket.c')
-rw-r--r--net/netfilter/xt_socket.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 362afbd60a96..6a902564d24f 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -192,7 +192,8 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
.revision = 0,
.family = NFPROTO_IPV4,
.match = socket_mt_v0,
- .hooks = 1 << NF_INET_PRE_ROUTING,
+ .hooks = (1 << NF_INET_PRE_ROUTING) |
+ (1 << NF_INET_LOCAL_IN),
.me = THIS_MODULE,
},
{
@@ -201,7 +202,8 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
.family = NFPROTO_IPV4,
.match = socket_mt_v1,
.matchsize = sizeof(struct xt_socket_mtinfo1),
- .hooks = 1 << NF_INET_PRE_ROUTING,
+ .hooks = (1 << NF_INET_PRE_ROUTING) |
+ (1 << NF_INET_LOCAL_IN),
.me = THIS_MODULE,
},
};