netfilter: deprecate NF_STOP

NF_STOP is only used by br_netfilter these days, and it can be emulated with a combination of NF_STOLEN plus explicit call to the ->okfn() function as Florian suggests. To retain binary compatibility with userspace nf_queue application, we have to keep NF_STOP around, so libnetfilter_queue userspace userspace applications still work if they use NF_STOP for some exotic reason. Out of tree modules using NF_STOP would break, but we don't care about those. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-03 12:56:17 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-03 12:56:17 +0300
commit: 06fd3a392bb36ff162d10cb7d5794185b94edb2f (patch)
tree: 9b7b5a5b3f82e2b11f6cd903a724eb4829e0ce95 /include/uapi/linux/netfilter.h
parent: 1610a73c4175e7d63985316b52ac932b65a4dc90 (diff)
download: linux-06fd3a392bb36ff162d10cb7d5794185b94edb2f.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/include/uapi/linux/netfilter.h b/include/uapi/linux/netfilter.h
index d93f949d1d9a..7550e9176a54 100644
--- a/include/uapi/linux/netfilter.h
+++ b/include/uapi/linux/netfilter.h
@@ -13,7 +13,7 @@
 #define NF_STOLEN 2
 #define NF_QUEUE 3
 #define NF_REPEAT 4
-#define NF_STOP 5
+#define NF_STOP 5	/* Deprecated, for userspace nf_queue compatibility. */
 #define NF_MAX_VERDICT NF_STOP
 
 /* we overload the higher bits for encoding auxiliary data such as the queue
author	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-03 12:56:17 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-03 12:56:17 +0300
commit	06fd3a392bb36ff162d10cb7d5794185b94edb2f (patch)
tree	9b7b5a5b3f82e2b11f6cd903a724eb4829e0ce95 /include/uapi/linux/netfilter.h
parent	1610a73c4175e7d63985316b52ac932b65a4dc90 (diff)
download	linux-06fd3a392bb36ff162d10cb7d5794185b94edb2f.tar.xz