Diffstat (limited to 'br-nf-bds/patches/bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff')
-rw-r--r--br-nf-bds/patches/bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff101
1 files changed, 44 insertions, 57 deletions
diff --git a/br-nf-bds/patches/bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff b/br-nf-bds/patches/bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff
index 74c62cf..bd56344 100644
--- a/br-nf-bds/patches/bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff
+++ b/br-nf-bds/patches/bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff
@@ -1,7 +1,7 @@
-bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
+bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 20 October
--- linux-2.5.42/include/linux/netfilter.h Sat Oct 12 06:22:08 2002
-+++ linux-2.5.42-brnf/include/linux/netfilter.h Sun Oct 13 11:56:17 2002
++++ linux-2.5.42-brnf/include/linux/netfilter.h Sun Oct 20 15:33:11 2002
@@ -117,17 +117,23 @@
/* This is gross, but inline doesn't cut it for avoiding the function
call in fast path: gcc doesn't inline (needs value tracking?). --RR */
@@ -30,7 +30,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
/* Call setsockopt() */
int nf_setsockopt(struct sock *sk, int pf, int optval, char *opt,
--- linux-2.5.42/include/linux/netfilter_ipv4.h Sat Oct 12 06:22:18 2002
-+++ linux-2.5.42-brnf/include/linux/netfilter_ipv4.h Sun Oct 13 11:56:17 2002
++++ linux-2.5.42-brnf/include/linux/netfilter_ipv4.h Sun Oct 20 15:33:11 2002
@@ -52,8 +52,10 @@
enum nf_ip_hook_priorities {
NF_IP_PRI_FIRST = INT_MIN,
@@ -43,7 +43,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
NF_IP_PRI_NAT_SRC = 100,
NF_IP_PRI_LAST = INT_MAX,
--- linux-2.5.42/include/linux/netfilter_bridge.h Sat Oct 12 06:22:09 2002
-+++ linux-2.5.42-brnf/include/linux/netfilter_bridge.h Sat Oct 19 12:48:58 2002
++++ linux-2.5.42-brnf/include/linux/netfilter_bridge.h Sun Oct 20 21:20:53 2002
@@ -6,6 +6,7 @@
#include <linux/config.h>
@@ -52,14 +52,13 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
/* Bridge Hooks */
/* After promisc drops, checksum checks. */
-@@ -22,14 +23,41 @@
+@@ -22,14 +23,39 @@
#define NF_BR_BROUTING 5
#define NF_BR_NUMHOOKS 6
+#define BRNF_PKT_TYPE 0x01
+#define BRNF_BRIDGED_DNAT 0x02
+#define BRNF_DONT_TAKE_PARENT 0x04
-+#define BRNF_COPY_HEADER 0x08
+
enum nf_br_hook_priorities {
NF_BR_PRI_FIRST = INT_MIN,
@@ -74,7 +73,6 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
NF_BR_PRI_LAST = INT_MAX,
+};
+
-+/* Used in br_netfilter.c */
+static inline
+struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
+{
@@ -97,7 +95,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
#endif
--- linux-2.5.42/include/linux/skbuff.h Sat Oct 12 06:22:09 2002
-+++ linux-2.5.42-brnf/include/linux/skbuff.h Wed Oct 16 20:39:52 2002
++++ linux-2.5.42-brnf/include/linux/skbuff.h Sun Oct 20 15:33:11 2002
@@ -96,6 +96,14 @@
struct nf_ct_info {
struct nf_conntrack *master;
@@ -148,39 +146,42 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
#endif
--- linux-2.5.42/net/bridge/br.c Sat Oct 12 06:21:34 2002
-+++ linux-2.5.42-brnf/net/bridge/br.c Sun Oct 13 11:56:17 2002
-@@ -45,6 +45,8 @@
++++ linux-2.5.42-brnf/net/bridge/br.c Sun Oct 20 21:24:42 2002
+@@ -45,6 +45,10 @@
{
printk(KERN_INFO "NET4: Ethernet Bridge 008 for NET4.0\n");
++#ifdef CONFIG_NETFILTER
+ if (br_netfilter_init())
+ return 1;
++#endif
br_handle_frame_hook = br_handle_frame;
br_ioctl_hook = br_ioctl_deviceless_stub;
#if defined(CONFIG_ATM_LANE) || defined(CONFIG_ATM_LANE_MODULE)
-@@ -63,6 +65,7 @@
+@@ -63,6 +67,9 @@
static void __exit br_deinit(void)
{
++#ifdef CONFIG_NETFILTER
+ br_netfilter_fini();
++#endif
unregister_netdevice_notifier(&br_device_notifier);
br_call_ioctl_atomic(__br_clear_ioctl_hook);
--- linux-2.5.42/net/bridge/br_forward.c Sat Oct 12 06:21:37 2002
-+++ linux-2.5.42-brnf/net/bridge/br_forward.c Sat Oct 19 12:23:23 2002
-@@ -30,18 +30,24 @@
++++ linux-2.5.42-brnf/net/bridge/br_forward.c Sun Oct 20 21:22:52 2002
+@@ -30,18 +30,23 @@
return 1;
}
-static int __dev_queue_push_xmit(struct sk_buff *skb)
+int br_dev_queue_push_xmit(struct sk_buff *skb)
{
- skb_push(skb, ETH_HLEN);
-+
+#ifdef CONFIG_NETFILTER
-+ if (skb->nf_bridge->mask & BRNF_COPY_HEADER)
++ if (skb->nf_bridge)
+ memcpy(skb->data - 16, skb->nf_bridge->hh, 16);
+#endif
+ skb_push(skb, ETH_HLEN);
+
dev_queue_xmit(skb);
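Review bot: In `br_dev_queue_push_xmit`, the new guard `if (skb->nf_bridge)` copies `nf_bridge->hh` over the 16 bytes in front of `skb->data` for every skb that merely has an `nf_bridge` attached, whereas the removed `BRNF_COPY_HEADER` bit recorded that `hh` had actually been saved. The body of `nf_bridge_alloc()` is not shown here, so it is unclear whether `hh` is initialised on allocation or whether every path that attaches `nf_bridge` (including the fragments that share it in the ip_output.c hunk) first reaches the `memcpy(nf_bridge->hh, skb->data - 16, 16)` save; if one does not, stale or uninitialised bytes would be written into the outgoing link-layer header. Either keep an explicit "header saved" flag or state the invariant above the copy, e.g. `/* hh is filled in before NF_IP_POST_ROUTING on every path that sets skb->nf_bridge */`. The bare `16` would also be better as one named constant shared by the save and restore sites, with a comment on the headroom it assumes. The function body continues outside this hunk.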
@@ -196,24 +197,16 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
return 0;
}
-@@ -52,8 +58,14 @@
- #ifdef CONFIG_NETFILTER_DEBUG
+@@ -53,7 +58,7 @@
skb->nf_debug = 0;
#endif
-- NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
- __br_forward_finish);
-+#ifdef CONFIG_NETFILTER
-+ /* Used by br_netfilter.c */
-+ if (!skb->nf_bridge && nf_bridge_alloc(skb) == NULL)
-+ kfree_skb(skb);
-+ else
-+#endif
-+ NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
+ br_forward_finish);
}
static void __br_forward(struct net_bridge_port *to, struct sk_buff *skb)
-@@ -64,7 +76,7 @@
+@@ -64,7 +69,7 @@
skb->dev = to->dev;
NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
@@ -223,7 +216,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
/* called under bridge lock */
--- linux-2.5.42/net/bridge/br_input.c Sat Oct 12 06:21:35 2002
-+++ linux-2.5.42-brnf/net/bridge/br_input.c Sat Oct 19 12:16:10 2002
++++ linux-2.5.42-brnf/net/bridge/br_input.c Sun Oct 20 21:23:29 2002
@@ -49,7 +49,7 @@
br_pass_frame_up_finish);
}
@@ -233,25 +226,8 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
{
struct net_bridge *br;
unsigned char *dest;
-@@ -154,8 +154,14 @@
- return -1;
- }
-
-- NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
-- br_handle_frame_finish);
-+#ifdef CONFIG_NETFILTER
-+ /* Used by br_netfilter.c */
-+ if (nf_bridge_alloc(skb) == NULL)
-+ kfree_skb(skb);
-+ else
-+#endif
-+ NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev,
-+ NULL, br_handle_frame_finish);
- read_unlock(&br->lock);
- return 0;
- }
--- linux-2.5.42/net/bridge/br_private.h Sat Oct 12 06:21:35 2002
-+++ linux-2.5.42-brnf/net/bridge/br_private.h Sun Oct 13 11:56:17 2002
++++ linux-2.5.42-brnf/net/bridge/br_private.h Sun Oct 20 15:33:11 2002
@@ -144,8 +144,10 @@
/* br_forward.c */
extern void br_deliver(struct net_bridge_port *to,
@@ -283,7 +259,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
/* br_stp.c */
extern int br_is_root_bridge(struct net_bridge *br);
--- linux-2.5.42/net/bridge/Makefile Sat Oct 12 06:22:45 2002
-+++ linux-2.5.42-brnf/net/bridge/Makefile Sun Oct 13 11:56:17 2002
++++ linux-2.5.42-brnf/net/bridge/Makefile Sun Oct 20 15:33:11 2002
@@ -9,6 +9,11 @@
bridge-objs := br.o br_device.o br_fdb.o br_forward.o br_if.o br_input.o \
br_ioctl.o br_notify.o br_stp.o br_stp_bpdu.o \
@@ -297,7 +273,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
include $(TOPDIR)/Rules.make
--- linux-2.5.42/net/core/netfilter.c Sat Oct 12 06:22:07 2002
-+++ linux-2.5.42-brnf/net/core/netfilter.c Sat Oct 19 12:36:18 2002
++++ linux-2.5.42-brnf/net/core/netfilter.c Sun Oct 20 15:33:11 2002
@@ -342,10 +342,15 @@
const struct net_device *indev,
const struct net_device *outdev,
@@ -374,7 +350,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
switch (verdict) {
--- linux-2.5.42/net/core/skbuff.c Sat Oct 12 06:21:34 2002
-+++ linux-2.5.42-brnf/net/core/skbuff.c Wed Oct 16 21:16:25 2002
++++ linux-2.5.42-brnf/net/core/skbuff.c Sun Oct 20 15:33:11 2002
@@ -248,6 +248,7 @@
#ifdef CONFIG_NETFILTER_DEBUG
skb->nf_debug = 0;
@@ -416,8 +392,19 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
#endif
#ifdef CONFIG_NET_SCHED
new->tc_index = old->tc_index;
+--- linux-2.5.42/net/ipv4/ip_output.c Sat Oct 12 06:22:45 2002
++++ linux-2.5.42-brnf/net/ipv4/ip_output.c Sun Oct 20 16:15:47 2002
+@@ -894,6 +894,8 @@
+ /* Connection association is same as pre-frag packet */
+ skb2->nfct = skb->nfct;
+ nf_conntrack_get(skb2->nfct);
++ skb2->nf_bridge = skb->nf_bridge;
++ nf_bridge_get(skb2->nf_bridge);
+ #ifdef CONFIG_NETFILTER_DEBUG
+ skb2->nf_debug = skb->nf_debug;
+ #endif
--- linux-2.5.42/net/ipv4/netfilter/ip_tables.c Sat Oct 12 06:21:35 2002
-+++ linux-2.5.42-brnf/net/ipv4/netfilter/ip_tables.c Thu Oct 17 22:39:25 2002
++++ linux-2.5.42-brnf/net/ipv4/netfilter/ip_tables.c Sun Oct 20 15:33:11 2002
@@ -121,12 +121,14 @@
static inline int
ip_packet_match(const struct iphdr *ip,
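Review bot: The added ip_output.c lines `skb2->nf_bridge = skb->nf_bridge;` and `nf_bridge_get(skb2->nf_bridge);` also run for packets that never crossed a bridge, where `skb->nf_bridge` is presumably NULL. `nf_bridge_get()` is not visible in this excerpt, so please confirm it accepts a NULL argument and that the surrounding code is only compiled when the `nf_bridge` member exists. The lines also make every fragment share one `nf_bridge_info`, so a later per-packet update such as `nf_bridge->mask |= BRNF_PKT_TYPE` would apply to all fragments at once. If that sharing is intended, a short comment would record it, e.g. `/* fragments share the bridge info of the original packet */`.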
@@ -500,7 +487,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
if (IPT_MATCH_ITERATE(e, do_match,
--- linux-2.5.42/net/ipv4/netfilter/ipt_LOG.c Sat Oct 12 06:21:38 2002
-+++ linux-2.5.42-brnf/net/ipv4/netfilter/ipt_LOG.c Wed Oct 16 21:54:13 2002
++++ linux-2.5.42-brnf/net/ipv4/netfilter/ipt_LOG.c Sun Oct 20 15:33:11 2002
@@ -285,10 +285,18 @@
level_string[1] = '0' + (loginfo->level % 8);
spin_lock_bh(&log_lock);
@@ -525,7 +512,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
/* MAC logging for input chain only. */
printk("MAC=");
--- /dev/null Thu Aug 24 11:00:32 2000
-+++ linux-2.5.42-brnf/net/bridge/br_netfilter.c Sat Oct 19 12:25:10 2002
++++ linux-2.5.42-brnf/net/bridge/br_netfilter.c Sun Oct 20 21:37:15 2002
@@ -0,0 +1,616 @@
+/*
+ * Handle firewalling
@@ -535,7 +522,7 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
+ * Lennert Buytenhek <buytenh@gnu.org>
+ * Bart De Schuymer <bart.de.schuymer@pandora.be>
+ *
-+ * $Id: bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff,v 1.1 2002/10/19 10:46:51 bdschuym Exp $
++ * $Id: bridge-nf-0.0.10-dev-pre2-against-2.5.42.diff,v 1.2 2002/10/20 19:46:33 bdschuym Exp $
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
@@ -782,8 +769,9 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
+#ifdef CONFIG_NETFILTER_DEBUG
+ skb->nf_debug ^= (1 << NF_IP_PRE_ROUTING);
+#endif
++ if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
++ return NF_DROP;
+
-+ nf_bridge = skb->nf_bridge;
+ if (skb->pkt_type == PACKET_OTHERHOST) {
+ skb->pkt_type = PACKET_HOST;
+ nf_bridge->mask |= BRNF_PKT_TYPE;
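Review bot: The pre-routing hook now calls `nf_bridge_alloc(skb)` unconditionally, while the other hook changed in this commit guards the call with `!skb->nf_bridge`; if an skb can arrive here with `nf_bridge` already set, the existing pointer would be overwritten and its reference possibly never dropped. Whether that can happen depends on `nf_bridge_alloc()`, whose body is outside this view, so this is a question rather than a confirmed leak. Either release any existing structure before allocating, or add a comment above the call explaining why a fresh allocation is always correct at PRE_ROUTING, e.g. `/* skb->nf_bridge is always NULL on entry to the bridge */`. As a style point, the assignment inside the condition would read better as `nf_bridge = nf_bridge_alloc(skb);` followed by `if (nf_bridge == NULL) return NF_DROP;`. The enclosing function starts and ends outside this hunk.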
@@ -1032,7 +1020,6 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
+ }
+
+ memcpy(nf_bridge->hh, skb->data - 16, 16);
-+ nf_bridge->mask |= BRNF_COPY_HEADER;
+
+ NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL,
+ bridge_parent(skb->dev), br_dev_queue_push_xmit);
@@ -1074,8 +1061,8 @@ bridge-nf-0.0.10-dev-pre2-against-2.5.42 - 19 October
+ struct sk_buff *skb = *pskb;
+ struct nf_bridge_info *nf_bridge;
+
-+ if (!skb->nf_bridge)
-+ nf_bridge_alloc(skb);
++ if (!skb->nf_bridge && !nf_bridge_alloc(skb))
++ return NF_DROP;
+
+ nf_bridge = skb->nf_bridge;
+