From c4c753d456e59ebbef673394c65231c8b85fb292 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Tue, 17 Sep 2002 21:39:55 +0000 Subject: *** empty log message *** --- br-nf-bds/linux/net/ipv4/ip_output.c | 8 +++----- br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c | 24 ++---------------------- 2 files changed, 5 insertions(+), 27 deletions(-) (limited to 'br-nf-bds/linux/net/ipv4') diff --git a/br-nf-bds/linux/net/ipv4/ip_output.c b/br-nf-bds/linux/net/ipv4/ip_output.c index 0429d8f..ad1f552 100644 --- a/br-nf-bds/linux/net/ipv4/ip_output.c +++ b/br-nf-bds/linux/net/ipv4/ip_output.c @@ -5,7 +5,7 @@ * * The Internet Protocol (IP) output module. * - * Version: $Id: ip_output.c,v 1.3 2002/08/24 16:25:17 bdschuym Exp $ + * Version: $Id: ip_output.c,v 1.4 2002/09/17 21:51:08 bdschuym Exp $ * * Authors: Ross Biro, * Fred N. van Kempen, @@ -830,10 +830,8 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) skb_set_owner_w(skb2, skb->sk); skb2->dst = dst_clone(skb->dst); skb2->dev = skb->dev; -#ifdef CONFIG_BRIDGE_NF skb2->physindev = skb->physindev; skb2->physoutdev = skb->physoutdev; -#endif /* * Copy the packet header into the new buffer. @@ -897,9 +895,9 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*)) iph->tot_len = htons(len + hlen); ip_send_check(iph); -#ifdef CONFIG_BRIDGE_NF + + // for bridge-netfilter memcpy(skb2->data - 16, skb->data - 16, 16); -#endif err = output(skb2); if (err) diff --git a/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c b/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c index 53afb3b..6c203eb 100644 --- a/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c +++ b/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c @@ -122,19 +122,14 @@ static LIST_HEAD(ipt_tables); static inline int ip_packet_match(const struct iphdr *ip, const char *indev, -#ifdef CONFIG_BRIDGE_NF const char *physindev, -#endif const char *outdev, -#ifdef CONFIG_BRIDGE_NF const char *physoutdev, -#endif const struct ipt_ip *ipinfo, int isfrag) { size_t i; - unsigned long ret; - unsigned long ret2 = 1; + unsigned long ret, ret2; #define FWINV(bool,invflg) ((bool) ^ !!(ipinfo->invflags & invflg)) @@ -164,13 +159,11 @@ ip_packet_match(const struct iphdr *ip, & ((const unsigned long *)ipinfo->iniface_mask)[i]; } -#ifdef CONFIG_BRIDGE_NF for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { ret2 |= (((const unsigned long *)physindev)[i] ^ ((const unsigned long *)ipinfo->iniface)[i]) & ((const unsigned long *)ipinfo->iniface_mask)[i]; } -#endif if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_IN)) { dprintf("VIA in mismatch (%s vs %s).%s\n", @@ -185,13 +178,11 @@ ip_packet_match(const struct iphdr *ip, & ((const unsigned long *)ipinfo->outiface_mask)[i]; } -#ifdef CONFIG_BRIDGE_NF for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { ret2 |= (((const unsigned long *)physoutdev)[i] ^ ((const unsigned long *)ipinfo->outiface)[i]) & ((const unsigned long *)ipinfo->outiface_mask)[i]; } -#endif if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_OUT)) { dprintf("VIA out mismatch (%s vs %s).%s\n", @@ -292,9 +283,7 @@ ipt_do_table(struct sk_buff **pskb, /* Initializing verdict to NF_DROP keeps gcc happy. */ unsigned int verdict = NF_DROP; const char *indev, *outdev; -#ifdef CONFIG_BRIDGE_NF const char *physindev, *physoutdev; -#endif void *table_base; struct ipt_entry *e, *back; @@ -304,10 +293,8 @@ ipt_do_table(struct sk_buff **pskb, datalen = (*pskb)->len - ip->ihl * 4; indev = in ? in->name : nulldevname; outdev = out ? out->name : nulldevname; -#ifdef CONFIG_BRIDGE_NF physindev = (*pskb)->physindev ? (*pskb)->physindev->name : nulldevname; physoutdev = (*pskb)->physoutdev ? (*pskb)->physoutdev->name : nulldevname; -#endif /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated @@ -344,14 +331,7 @@ ipt_do_table(struct sk_buff **pskb, IP_NF_ASSERT(e); IP_NF_ASSERT(back); (*pskb)->nfcache |= e->nfcache; - if (ip_packet_match(ip, indev, -#ifdef CONFIG_BRIDGE_NF - physindev, -#endif - outdev, -#ifdef CONFIG_BRIDGE_NF - physoutdev, -#endif + if (ip_packet_match(ip, indev, physindev, outdev, physoutdev, &e->ip, offset)) { struct ipt_entry_target *t; -- cgit v1.2.3