diff options
| author | Bart De Schuymer <bdschuym@pandora.be> | 2002-09-18 18:18:25 +0000 |
|---|---|---|
| committer | Bart De Schuymer <bdschuym@pandora.be> | 2002-09-18 18:18:25 +0000 |
| commit | 41426497d4a7630cf6044d5e90174b7243bd8215 (patch) | |
| tree | c84df14ebb69a357b7e6968586014949715c4238 /br-nf-bds | |
| parent | ada6f3f546bcb93735002a5fdd234b146dab3e50 (diff) | |
*** empty log message ***
Diffstat (limited to 'br-nf-bds')
| -rw-r--r-- | br-nf-bds/linux2.5/include/linux/skbuff.h | 2 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/Config.in | 96 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/bridge/br.c | 20 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/bridge/br_forward.c | 6 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/bridge/br_input.c | 13 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/bridge/br_private.h | 2 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/core/netfilter.c | 6 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/core/skbuff.c | 8 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/ipv4/ip_output.c | 8 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c | 24 | ||||
| -rw-r--r-- | br-nf-bds/linux2.5/net/ipv4/netfilter/ipt_LOG.c | 4 |
11 files changed, 16 insertions, 173 deletions
diff --git a/br-nf-bds/linux2.5/include/linux/skbuff.h b/br-nf-bds/linux2.5/include/linux/skbuff.h index f1efc36..fb99584 100644 --- a/br-nf-bds/linux2.5/include/linux/skbuff.h +++ b/br-nf-bds/linux2.5/include/linux/skbuff.h @@ -177,10 +177,8 @@ struct sk_buff { struct sock *sk; struct timeval stamp; struct net_device *dev; -#ifdef CONFIG_BRIDGE_NF struct net_device *physindev; struct net_device *physoutdev; -#endif union { struct tcphdr *th; diff --git a/br-nf-bds/linux2.5/net/Config.in b/br-nf-bds/linux2.5/net/Config.in deleted file mode 100644 index 12faa89..0000000 --- a/br-nf-bds/linux2.5/net/Config.in +++ /dev/null @@ -1,96 +0,0 @@ -# -# Network configuration -# -mainmenu_option next_comment -comment 'Networking options' -tristate 'Packet socket' CONFIG_PACKET -if [ "$CONFIG_PACKET" != "n" ]; then - bool ' Packet socket: mmapped IO' CONFIG_PACKET_MMAP -fi - -tristate 'Netlink device emulation' CONFIG_NETLINK_DEV - -bool 'Network packet filtering (replaces ipchains)' CONFIG_NETFILTER -if [ "$CONFIG_NETFILTER" = "y" ]; then - bool ' Network packet filtering debugging' CONFIG_NETFILTER_DEBUG -fi -bool 'Socket Filtering' CONFIG_FILTER -tristate 'Unix domain sockets' CONFIG_UNIX -bool 'TCP/IP networking' CONFIG_INET -if [ "$CONFIG_INET" = "y" ]; then - source net/ipv4/Config.in - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then -# IPv6 as module will cause a CRASH if you try to unload it - tristate ' The IPv6 protocol (EXPERIMENTAL)' CONFIG_IPV6 - if [ "$CONFIG_IPV6" != "n" ]; then - source net/ipv6/Config.in - fi - fi -fi -if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - bool 'Asynchronous Transfer Mode (ATM) (EXPERIMENTAL)' CONFIG_ATM - if [ "$CONFIG_ATM" = "y" ]; then - if [ "$CONFIG_INET" = "y" ]; then - bool ' Classical IP over ATM (EXPERIMENTAL)' CONFIG_ATM_CLIP - if [ "$CONFIG_ATM_CLIP" = "y" ]; then - bool ' Do NOT send ICMP if no neighbour (EXPERIMENTAL)' CONFIG_ATM_CLIP_NO_ICMP - fi - fi - tristate ' LAN Emulation (LANE) support (EXPERIMENTAL)' CONFIG_ATM_LANE - if [ "$CONFIG_INET" = "y" -a "$CONFIG_ATM_LANE" != "n" ]; then - tristate ' Multi-Protocol Over ATM (MPOA) support (EXPERIMENTAL)' CONFIG_ATM_MPOA - fi - fi -fi -tristate '802.1Q VLAN Support' CONFIG_VLAN_8021Q - -tristate 'ANSI/IEEE 802.2 Data link layer protocol' CONFIG_LLC -if [ "$CONFIG_LLC" != "n" ]; then - tristate ' LLC sockets interface' CONFIG_LLC_UI -fi - -dep_tristate 'The IPX protocol' CONFIG_IPX $CONFIG_LLC -if [ "$CONFIG_IPX" != "n" ]; then - source net/ipx/Config.in -fi - -dep_tristate 'Appletalk protocol support' CONFIG_ATALK $CONFIG_LLC -source drivers/net/appletalk/Config.in - -tristate 'DECnet Support' CONFIG_DECNET -if [ "$CONFIG_DECNET" != "n" ]; then - source net/decnet/Config.in -fi -dep_tristate '802.1d Ethernet Bridging' CONFIG_BRIDGE $CONFIG_INET -if [ "$CONFIG_BRIDGE" != "n" -a "$CONFIG_NETFILTER" != "n" ]; then - source net/bridge/netfilter/Config.in -fi -if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - if [ "$CONFIG_BRIDGE" != "n" -a "$CONFIG_NETFILTER" != "n" ]; then - bool ' netfilter (firewalling) support' CONFIG_BRIDGE_NF - fi - tristate 'CCITT X.25 Packet Layer (EXPERIMENTAL)' CONFIG_X25 - tristate 'LAPB Data Link Driver (EXPERIMENTAL)' CONFIG_LAPB - bool 'Frame Diverter (EXPERIMENTAL)' CONFIG_NET_DIVERT - if [ "$CONFIG_INET" = "y" ]; then - tristate 'Acorn Econet/AUN protocols (EXPERIMENTAL)' CONFIG_ECONET - if [ "$CONFIG_ECONET" != "n" ]; then - bool ' AUN over UDP' CONFIG_ECONET_AUNUDP - bool ' Native Econet' CONFIG_ECONET_NATIVE - fi - fi - tristate 'WAN router' CONFIG_WAN_ROUTER - bool 'Fast switching (read help!)' CONFIG_NET_FASTROUTE - bool 'Forwarding between high speed interfaces' CONFIG_NET_HW_FLOWCONTROL -fi - -mainmenu_option next_comment -comment 'QoS and/or fair queueing' -bool 'QoS and/or fair queueing' CONFIG_NET_SCHED -if [ "$CONFIG_NET_SCHED" = "y" ]; then - source net/sched/Config.in -fi -#bool 'Network code profiler' CONFIG_NET_PROFILE -endmenu - -endmenu diff --git a/br-nf-bds/linux2.5/net/bridge/br.c b/br-nf-bds/linux2.5/net/bridge/br.c index 30681c1..c119197 100644 --- a/br-nf-bds/linux2.5/net/bridge/br.c +++ b/br-nf-bds/linux2.5/net/bridge/br.c @@ -5,7 +5,7 @@ * Authors: * Lennert Buytenhek <buytenh@gnu.org> * - * $Id: br.c,v 1.1 2002/08/24 09:28:29 bdschuym Exp $ + * $Id: br.c,v 1.2 2002/09/18 18:22:13 bdschuym Exp $ * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -28,13 +28,7 @@ #include "../atm/lec.h" #endif -#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \ - defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE) -unsigned int (*broute_decision) (unsigned int hook, struct sk_buff **pskb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) = NULL; -#endif +int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; void br_dec_use_count() { @@ -50,11 +44,8 @@ static int __init br_init(void) { printk(KERN_INFO "NET4: Ethernet Bridge 008 for NET4.0\n"); -#ifdef CONFIG_BRIDGE_NF if (br_netfilter_init()) return 1; -#endif - br_handle_frame_hook = br_handle_frame; br_ioctl_hook = br_ioctl_deviceless_stub; #if defined(CONFIG_ATM_LANE) || defined(CONFIG_ATM_LANE_MODULE) @@ -78,9 +69,7 @@ static void __br_clear_ioctl_hook(void) static void __exit br_deinit(void) { -#ifdef CONFIG_BRIDGE_NF br_netfilter_fini(); -#endif unregister_netdevice_notifier(&br_device_notifier); br_call_ioctl_atomic(__br_clear_ioctl_hook); net_call_rx_atomic(__br_clear_frame_hook); @@ -90,10 +79,7 @@ static void __exit br_deinit(void) #endif } -#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \ - defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE) -EXPORT_SYMBOL(broute_decision); -#endif +EXPORT_SYMBOL(br_should_route_hook); module_init(br_init) module_exit(br_deinit) diff --git a/br-nf-bds/linux2.5/net/bridge/br_forward.c b/br-nf-bds/linux2.5/net/bridge/br_forward.c index a8cc91f..f16ad66 100644 --- a/br-nf-bds/linux2.5/net/bridge/br_forward.c +++ b/br-nf-bds/linux2.5/net/bridge/br_forward.c @@ -5,7 +5,7 @@ * Authors: * Lennert Buytenhek <buytenh@gnu.org> * - * $Id: br_forward.c,v 1.2 2002/09/10 17:38:19 bdschuym Exp $ + * $Id: br_forward.c,v 1.3 2002/09/18 18:24:19 bdschuym Exp $ * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -30,7 +30,7 @@ static inline int should_deliver(struct net_bridge_port *p, struct sk_buff *skb) return 1; } -int br_dev_queue_push_xmit(struct sk_buff *skb) +int dev_queue_push_xmit(struct sk_buff *skb) { skb_push(skb, ETH_HLEN); dev_queue_xmit(skb); @@ -41,7 +41,7 @@ int br_dev_queue_push_xmit(struct sk_buff *skb) int br_forward_finish(struct sk_buff *skb) { NF_HOOK(PF_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, - br_dev_queue_push_xmit); + dev_queue_push_xmit); return 0; } diff --git a/br-nf-bds/linux2.5/net/bridge/br_input.c b/br-nf-bds/linux2.5/net/bridge/br_input.c index bcfeada..2f15eb6 100644 --- a/br-nf-bds/linux2.5/net/bridge/br_input.c +++ b/br-nf-bds/linux2.5/net/bridge/br_input.c @@ -5,7 +5,7 @@ * Authors: * Lennert Buytenhek <buytenh@gnu.org> * - * $Id: br_input.c,v 1.2 2002/09/10 17:36:25 bdschuym Exp $ + * $Id: br_input.c,v 1.3 2002/09/18 18:26:47 bdschuym Exp $ * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License @@ -19,10 +19,6 @@ #include <linux/if_bridge.h> #include <linux/netfilter_bridge.h> #include "br_private.h" -#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \ - defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE) -#include <linux/netfilter.h> -#endif unsigned char bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 }; @@ -153,12 +149,9 @@ int br_handle_frame(struct sk_buff *skb) goto handle_special_frame; if (p->state == BR_STATE_FORWARDING) { -#if defined(CONFIG_BRIDGE_EBT_BROUTE) || \ - defined(CONFIG_BRIDGE_EBT_BROUTE_MODULE) - if (broute_decision && broute_decision(NF_BR_BROUTING, &skb, - skb->dev, NULL, NULL) == NF_DROP) + if (br_should_route_hook && br_should_route_hook(&skb)) return -1; -#endif + NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, br_handle_frame_finish); read_unlock(&br->lock); diff --git a/br-nf-bds/linux2.5/net/bridge/br_private.h b/br-nf-bds/linux2.5/net/bridge/br_private.h index 4be0cfc..949c9c1 100644 --- a/br-nf-bds/linux2.5/net/bridge/br_private.h +++ b/br-nf-bds/linux2.5/net/bridge/br_private.h @@ -4,7 +4,7 @@ * Authors: * Lennert Buytenhek <buytenh@gnu.org> * - * $Id: br_private.h,v 1.2 2002/08/24 13:42:35 bdschuym Exp $ + * $Id: br_private.h,v 1.3 2002/09/18 18:28:48 bdschuym Exp $ * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License diff --git a/br-nf-bds/linux2.5/net/core/netfilter.c b/br-nf-bds/linux2.5/net/core/netfilter.c index 1a1cb88..198dad6 100644 --- a/br-nf-bds/linux2.5/net/core/netfilter.c +++ b/br-nf-bds/linux2.5/net/core/netfilter.c @@ -418,10 +418,8 @@ static void nf_queue(struct sk_buff *skb, { int status; struct nf_info *info; -#ifdef CONFIG_BRIDGE_NF struct net_device *physindev; struct net_device *physoutdev; -#endif if (!queue_handler[pf].outfn) { kfree_skb(skb); @@ -444,20 +442,16 @@ static void nf_queue(struct sk_buff *skb, if (indev) dev_hold(indev); if (outdev) dev_hold(outdev); -#ifdef CONFIG_BRIDGE_NF if ((physindev = skb->physindev)) dev_hold(physindev); if ((physoutdev = skb->physoutdev)) dev_hold(physoutdev); -#endif status = queue_handler[pf].outfn(skb, info, queue_handler[pf].data); if (status < 0) { /* James M doesn't say fuck enough. */ if (indev) dev_put(indev); if (outdev) dev_put(outdev); -#ifdef CONFIG_BRIDGE_NF if (physindev) dev_put(physindev); if (physoutdev) dev_put(physoutdev); -#endif kfree(info); kfree_skb(skb); return; diff --git a/br-nf-bds/linux2.5/net/core/skbuff.c b/br-nf-bds/linux2.5/net/core/skbuff.c index b8ffeb6..f65e3f8 100644 --- a/br-nf-bds/linux2.5/net/core/skbuff.c +++ b/br-nf-bds/linux2.5/net/core/skbuff.c @@ -4,7 +4,7 @@ * Authors: Alan Cox <iiitac@pyr.swan.ac.uk> * Florian La Roche <rzsfl@rz.uni-sb.de> * - * Version: $Id: skbuff.c,v 1.2 2002/08/24 13:43:15 bdschuym Exp $ + * Version: $Id: skbuff.c,v 1.3 2002/09/18 18:30:53 bdschuym Exp $ * * Fixes: * Alan Cox : Fixed the worst of the load @@ -232,10 +232,8 @@ static inline void skb_headerinit(void *p, kmem_cache_t *cache, skb->sk = NULL; skb->stamp.tv_sec = 0; /* No idea about time */ skb->dev = NULL; -#ifdef CONFIG_BRIDGE_NF skb->physindev = NULL; skb->physoutdev = NULL; -#endif skb->dst = NULL; memset(skb->cb, 0, sizeof(skb->cb)); skb->pkt_type = PACKET_HOST; /* Default type */ @@ -365,10 +363,8 @@ struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask) n->sk = NULL; C(stamp); C(dev); -#ifdef CONFIG_BRIDGE_NF C(physindev); C(physoutdev); -#endif C(h); C(nh); C(mac); @@ -424,10 +420,8 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old) new->list = NULL; new->sk = NULL; new->dev = old->dev; -#ifdef CONFIG_BRIDGE_NF new->physindev = old->physindev; new->physoutdev = old->physoutdev; -#endif new->priority = old->priority; new->protocol = old->protocol; new->dst = dst_clone(old->dst); diff --git a/br-nf-bds/linux2.5/net/ipv4/ip_output.c b/br-nf-bds/linux2.5/net/ipv4/ip_output.c index c457da7..0915f26 100644 --- a/br-nf-bds/linux2.5/net/ipv4/ip_output.c +++ b/br-nf-bds/linux2.5/net/ipv4/ip_output.c @@ -5,7 +5,7 @@ * * The Internet Protocol (IP) output module. * - * Version: $Id: ip_output.c,v 1.2 2002/08/24 13:43:43 bdschuym Exp $ + * Version: $Id: ip_output.c,v 1.3 2002/09/18 18:32:12 bdschuym Exp $ * * Authors: Ross Biro, <bir7@leland.Stanford.Edu> * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> @@ -835,10 +835,8 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) skb_set_owner_w(skb2, skb->sk); skb2->dst = dst_clone(skb->dst); skb2->dev = skb->dev; -#ifdef CONFIG_BRIDGE_NF skb2->physindev = skb->physindev; skb2->physoutdev = skb->physoutdev; -#endif /* * Copy the packet header into the new buffer. @@ -902,9 +900,9 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) iph->tot_len = htons(len + hlen); ip_send_check(iph); -#ifdef CONFIG_BRIDGE_NF + + // for bridge-netfilter memcpy(skb2->data - 16, skb->data - 16, 16); -#endif err = output(skb2); if (err) diff --git a/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c b/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c index f898455..0b8d07c 100644 --- a/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c +++ b/br-nf-bds/linux2.5/net/ipv4/netfilter/ip_tables.c @@ -122,19 +122,14 @@ static LIST_HEAD(ipt_tables); static inline int ip_packet_match(const struct iphdr *ip, const char *indev, -#ifdef CONFIG_BRIDGE_NF const char *physindev, -#endif const char *outdev, -#ifdef CONFIG_BRIDGE_NF const char *physoutdev, -#endif const struct ipt_ip *ipinfo, int isfrag) { size_t i; - unsigned long ret; - unsigned long ret2 = 1; + unsigned long ret, ret2; #define FWINV(bool,invflg) ((bool) ^ !!(ipinfo->invflags & invflg)) @@ -164,13 +159,11 @@ ip_packet_match(const struct iphdr *ip, & ((const unsigned long *)ipinfo->iniface_mask)[i]; } -#ifdef CONFIG_BRIDGE_NF for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { ret2 |= (((const unsigned long *)physindev)[i] ^ ((const unsigned long *)ipinfo->iniface)[i]) & ((const unsigned long *)ipinfo->iniface_mask)[i]; } -#endif if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_IN)) { dprintf("VIA in mismatch (%s vs %s).%s\n", @@ -185,13 +178,11 @@ ip_packet_match(const struct iphdr *ip, & ((const unsigned long *)ipinfo->outiface_mask)[i]; } -#ifdef CONFIG_BRIDGE_NF for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { ret2 |= (((const unsigned long *)physoutdev)[i] ^ ((const unsigned long *)ipinfo->outiface)[i]) & ((const unsigned long *)ipinfo->outiface_mask)[i]; } -#endif if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_OUT)) { dprintf("VIA out mismatch (%s vs %s).%s\n", @@ -292,9 +283,7 @@ ipt_do_table(struct sk_buff **pskb, /* Initializing verdict to NF_DROP keeps gcc happy. */ unsigned int verdict = NF_DROP; const char *indev, *outdev; -#ifdef CONFIG_BRIDGE_NF const char *physindev, *physoutdev; -#endif void *table_base; struct ipt_entry *e, *back; @@ -304,10 +293,8 @@ ipt_do_table(struct sk_buff **pskb, datalen = (*pskb)->len - ip->ihl * 4; indev = in ? in->name : nulldevname; outdev = out ? out->name : nulldevname; -#ifdef CONFIG_BRIDGE_NF physindev = (*pskb)->physindev ? (*pskb)->physindev->name : nulldevname; physoutdev = (*pskb)->physoutdev ? (*pskb)->physoutdev->name : nulldevname; -#endif /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated @@ -343,14 +330,7 @@ ipt_do_table(struct sk_buff **pskb, IP_NF_ASSERT(e); IP_NF_ASSERT(back); (*pskb)->nfcache |= e->nfcache; - if (ip_packet_match(ip, indev, -#ifdef CONFIG_BRIDGE_NF - physindev, -#endif - outdev, -#ifdef CONFIG_BRIDGE_NF - physoutdev, -#endif + if (ip_packet_match(ip, indev, physindev, outdev, physoutdev, &e->ip, offset)) { struct ipt_entry_target *t; diff --git a/br-nf-bds/linux2.5/net/ipv4/netfilter/ipt_LOG.c b/br-nf-bds/linux2.5/net/ipv4/netfilter/ipt_LOG.c index 2c90f1b..48bb12f 100644 --- a/br-nf-bds/linux2.5/net/ipv4/netfilter/ipt_LOG.c +++ b/br-nf-bds/linux2.5/net/ipv4/netfilter/ipt_LOG.c @@ -286,15 +286,11 @@ ipt_log_target(struct sk_buff **pskb, spin_lock_bh(&log_lock); printk(level_string); printk("%sIN=%s ", loginfo->prefix, in ? in->name : ""); -#ifdef CONFIG_BRIDGE_NF if ((*pskb)->physindev && in != (*pskb)->physindev) printk("PHYSIN=%s ", (*pskb)->physindev->name); -#endif printk("OUT=%s ", out ? out->name : ""); -#ifdef CONFIG_BRIDGE_NF if ((*pskb)->physoutdev && out != (*pskb)->physoutdev) printk("PHYSOUT=%s ", (*pskb)->physoutdev->name); -#endif if (in && !out) { /* MAC logging for input chain only. */ |