redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity

netfilter: bridge: start splitting mask into public/private chunks

Browse source 
->mask is a bit info field that mixes various use cases.

In particular, we have flags that are mutually exlusive, and flags that
are only used within br_netfilter while others need to be exposed to
other parts of the kernel.

Remove BRNF_8021Q/PPPoE flags.  They're mutually exclusive and only
needed within br_netfilter context.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2015-04-02 14:31:44 +02:00 committed by Pablo Neira Ayuso
parent 383307838d
commit 3eaf402502
3 changed files with 17 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
include/linux/netfilter_bridge.h
View file

@ -20,12 +20,10 @@ enum nf_br_hook_priorities {
#define BRNF_PKT_TYPE 0x01 #define BRNF_PKT_TYPE 0x01
#define BRNF_BRIDGED_DNAT 0x02 #define BRNF_BRIDGED_DNAT 0x02
#define BRNF_NF_BRIDGE_PREROUTING 0x08 #define BRNF_NF_BRIDGE_PREROUTING 0x08
#define BRNF_8021Q 0x10
#define BRNF_PPPoE 0x20
static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb) static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)
{ {
if (unlikely(skb->nf_bridge->mask & BRNF_PPPoE)) if (skb->nf_bridge->orig_proto == BRNF_PROTO_PPPOE)
return PPPOE_SES_HLEN; return PPPOE_SES_HLEN;
return 0; return 0;
} }

5
include/linux/skbuff.h
View file

@ -166,6 +166,11 @@ struct nf_conntrack {
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
struct nf_bridge_info { struct nf_bridge_info {
atomic_t use; atomic_t use;
enum {
BRNF_PROTO_UNCHANGED,
BRNF_PROTO_8021Q,
BRNF_PROTO_PPPOE
} orig_proto;
unsigned int mask; unsigned int mask;
struct net_device *physindev; struct net_device *physindev;
struct net_device *physoutdev; struct net_device *physoutdev;

15
net/bridge/br_netfilter.c
View file

@ -262,10 +262,16 @@ drop:
static void nf_bridge_update_protocol(struct sk_buff *skb) static void nf_bridge_update_protocol(struct sk_buff *skb)
{ {
if (skb->nf_bridge->mask & BRNF_8021Q) switch (skb->nf_bridge->orig_proto) {
case BRNF_PROTO_8021Q:
skb->protocol = htons(ETH_P_8021Q); skb->protocol = htons(ETH_P_8021Q);
else if (skb->nf_bridge->mask & BRNF_PPPoE) break;
case BRNF_PROTO_PPPOE:
skb->protocol = htons(ETH_P_PPP_SES); skb->protocol = htons(ETH_P_PPP_SES);
break;
case BRNF_PROTO_UNCHANGED:
break;
}
} }
/* PF_BRIDGE/PRE_ROUTING *********************************************/ /* PF_BRIDGE/PRE_ROUTING *********************************************/
@ -503,10 +509,11 @@ static struct net_device *setup_pre_routing(struct sk_buff *skb)
nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING; nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING;
nf_bridge->physindev = skb->dev; nf_bridge->physindev = skb->dev;
skb->dev = brnf_get_logical_dev(skb, skb->dev); skb->dev = brnf_get_logical_dev(skb, skb->dev);
if (skb->protocol == htons(ETH_P_8021Q)) if (skb->protocol == htons(ETH_P_8021Q))
nf_bridge->mask |= BRNF_8021Q; nf_bridge->orig_proto = BRNF_PROTO_8021Q;
else if (skb->protocol == htons(ETH_P_PPP_SES)) else if (skb->protocol == htons(ETH_P_PPP_SES))
nf_bridge->mask |= BRNF_PPPoE; nf_bridge->orig_proto = BRNF_PROTO_PPPOE;
/* Must drop socket now because of tproxy. */ /* Must drop socket now because of tproxy. */
skb_orphan(skb); skb_orphan(skb);