From c96e724b48fabf7f8e7dcf0f763cde12563fb678 Mon Sep 17 00:00:00 2001
From: Bart De Schuymer
Date: Sat, 24 Aug 2002 16:23:01 +0000
Subject: *** empty log message ***
---
 br-nf-bds/linux/include/linux/netfilter.h | 2 +-
 br-nf-bds/linux/include/linux/skbuff.h | 2 ++
 br-nf-bds/linux/net/bridge/br_private.h | 3 +--
 br-nf-bds/linux/net/core/netfilter.c | 6 ++++++
 br-nf-bds/linux/net/core/skbuff.c | 8 +++++++-
 br-nf-bds/linux/net/ipv4/ip_output.c | 6 +++++-
 br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c | 24 ++++++++++++++++++++++--
 br-nf-bds/linux/net/ipv4/netfilter/ipt_LOG.c | 4 ++++
 8 files changed, 48 insertions(+), 7 deletions(-)
(limited to 'br-nf-bds')
diff --git a/br-nf-bds/linux/include/linux/netfilter.h b/br-nf-bds/linux/include/linux/netfilter.h
index eb1adc6..3ae5a64 100644
--- a/br-nf-bds/linux/include/linux/netfilter.h
+++ b/br-nf-bds/linux/include/linux/netfilter.h
@@ -118,7 +118,7 @@ extern struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS];
 call in fast path: gcc doesn't inline (needs value tracking?). --RR */
 #ifdef CONFIG_NETFILTER_DEBUG
 #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \
- nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)
+ nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)
 #define NF_HOOK_THRESH nf_hook_slow
 #else
 #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \
diff --git a/br-nf-bds/linux/include/linux/skbuff.h b/br-nf-bds/linux/include/linux/skbuff.h
index 257b586..5a6ce25 100644
--- a/br-nf-bds/linux/include/linux/skbuff.h
+++ b/br-nf-bds/linux/include/linux/skbuff.h
@@ -135,8 +135,10 @@ struct sk_buff {
 struct sock *sk; /* Socket we are owned by */
 struct timeval stamp; /* Time we arrived */
 struct net_device *dev; /* Device we arrived on/are leaving by */
+#ifdef CONFIG_BRIDGE_NF
 struct net_device *physindev; /* Physical device we arrived on */
 struct net_device *physoutdev; /* Physical device we will leave by */
+#endif
 /* Transport layer header */
 union
diff --git a/br-nf-bds/linux/net/bridge/br_private.h b/br-nf-bds/linux/net/bridge/br_private.h
index 540a330..46cf249 100644
--- a/br-nf-bds/linux/net/bridge/br_private.h
+++ b/br-nf-bds/linux/net/bridge/br_private.h
@@ -4,7 +4,7 @@
 * Authors:
 * Lennert Buytenhek
 *
- * $Id: br_private.h,v 1.2 2002/08/24 08:44:41 bdschuym Exp $
+ * $Id: br_private.h,v 1.3 2002/08/24 16:23:34 bdschuym Exp $
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
@@ -120,7 +120,6 @@ extern void br_dec_use_count(void);
 extern void br_inc_use_count(void);
 /* br_device.c */
-extern int br_dev_xmit(struct sk_buff *skb, struct net_device *dev);
 extern void br_dev_setup(struct net_device *dev);
 extern int br_dev_xmit(struct sk_buff *skb, struct net_device *dev);
diff --git a/br-nf-bds/linux/net/core/netfilter.c b/br-nf-bds/linux/net/core/netfilter.c
index 198dad6..1a1cb88 100644
--- a/br-nf-bds/linux/net/core/netfilter.c
+++ b/br-nf-bds/linux/net/core/netfilter.c
@@ -418,8 +418,10 @@ static void nf_queue(struct sk_buff *skb,
 {
 int status;
 struct nf_info *info;
+#ifdef CONFIG_BRIDGE_NF
 struct net_device *physindev;
 struct net_device *physoutdev;
+#endif
 if (!queue_handler[pf].outfn) {
 kfree_skb(skb);
@@ -442,16 +444,20 @@ static void nf_queue(struct sk_buff *skb,
 if (indev) dev_hold(indev);
 if (outdev) dev_hold(outdev);
+#ifdef CONFIG_BRIDGE_NF
 if ((physindev = skb->physindev)) dev_hold(physindev);
 if ((physoutdev = skb->physoutdev)) dev_hold(physoutdev);
+#endif
 status = queue_handler[pf].outfn(skb, info, queue_handler[pf].data);
 if (status < 0) {
 /* James M doesn't say fuck enough. */
 if (indev) dev_put(indev);
 if (outdev) dev_put(outdev);
+#ifdef CONFIG_BRIDGE_NF
 if (physindev) dev_put(physindev);
 if (physoutdev) dev_put(physoutdev);
+#endif
 kfree(info);
 kfree_skb(skb);
 return;
diff --git a/br-nf-bds/linux/net/core/skbuff.c b/br-nf-bds/linux/net/core/skbuff.c
index d492fed..0e9e70b 100644
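Review bot: In the @@ -442,16 +444,20 @@ hunk of net/core/netfilter.c the references taken on `skb->physindev` and `skb->physoutdev` are remembered only in locals, so nf_queue can drop them on the `status < 0` path, but any later release has to read the skb fields again. That release site is not in this diff (the diffstat shows netfilter.c gaining only these six guard lines), so please confirm it sits under the same `#ifdef CONFIG_BRIDGE_NF` and that the two pointers cannot change while the packet is queued; otherwise the hold and put counts on the devices would stop matching. A comment above the two holds would make the pairing explicit, e.g. `/* released in <release site>; keep both sites under CONFIG_BRIDGE_NF */`. nf_queue's body starts and ends outside the hunk.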
--- a/br-nf-bds/linux/net/core/skbuff.c
+++ b/br-nf-bds/linux/net/core/skbuff.c
@@ -4,7 +4,7 @@
 * Authors: Alan Cox
 * Florian La Roche
 *
- * Version: $Id: skbuff.c,v 1.2 2002/08/24 08:45:29 bdschuym Exp $
+ * Version: $Id: skbuff.c,v 1.3 2002/08/24 16:24:13 bdschuym Exp $
 *
 * Fixes:
 * Alan Cox : Fixed the worst of the load balancer bugs.
@@ -231,8 +231,10 @@ static inline void skb_headerinit(void *p, kmem_cache_t *cache,
 skb->sk = NULL;
 skb->stamp.tv_sec=0; /* No idea about time */
 skb->dev = NULL;
+#ifdef CONFIG_BRIDGE_NF
 skb->physindev = NULL;
 skb->physoutdev = NULL;
+#endif
 skb->dst = NULL;
 memset(skb->cb, 0, sizeof(skb->cb));
 skb->pkt_type = PACKET_HOST; /* Default type */
@@ -364,8 +366,10 @@ struct sk_buff *skb_clone(struct sk_buff *skb, int gfp_mask)
 n->sk = NULL;
 C(stamp);
 C(dev);
+#ifdef CONFIG_BRIDGE_NF
 C(physindev);
 C(physoutdev);
+#endif
 C(h);
 C(nh);
 C(mac);
@@ -421,8 +425,10 @@ static void copy_skb_header(struct sk_buff *new, const struct sk_buff *old)
 new->list=NULL;
 new->sk=NULL;
 new->dev=old->dev;
+#ifdef CONFIG_BRIDGE_NF
 new->physindev=old->physindev;
 new->physoutdev=old->physoutdev;
+#endif
 new->priority=old->priority;
 new->protocol=old->protocol;
 new->dst=dst_clone(old->dst);
diff --git a/br-nf-bds/linux/net/ipv4/ip_output.c b/br-nf-bds/linux/net/ipv4/ip_output.c
index 2da82b4..0429d8f 100644
--- a/br-nf-bds/linux/net/ipv4/ip_output.c
+++ b/br-nf-bds/linux/net/ipv4/ip_output.c
@@ -5,7 +5,7 @@
 *
 * The Internet Protocol (IP) output module.
 *
- * Version: $Id: ip_output.c,v 1.2 2002/08/24 08:46:04 bdschuym Exp $
+ * Version: $Id: ip_output.c,v 1.3 2002/08/24 16:25:17 bdschuym Exp $
 *
 * Authors: Ross Biro,
 * Fred N. van Kempen,
@@ -830,8 +830,10 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
 skb_set_owner_w(skb2, skb->sk);
 skb2->dst = dst_clone(skb->dst);
 skb2->dev = skb->dev;
+#ifdef CONFIG_BRIDGE_NF
 skb2->physindev = skb->physindev;
 skb2->physoutdev = skb->physoutdev;
+#endif
 /*
 * Copy the packet header into the new buffer.
@@ -895,7 +897,9 @@ int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff*))
 iph->tot_len = htons(len + hlen);
 ip_send_check(iph);
+#ifdef CONFIG_BRIDGE_NF
 memcpy(skb2->data - 16, skb->data - 16, 16);
+#endif
 err = output(skb2);
 if (err)
diff --git a/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c b/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c
index b9f47ea..53afb3b 100644
--- a/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c
+++ b/br-nf-bds/linux/net/ipv4/netfilter/ip_tables.c
@@ -122,15 +122,19 @@ static LIST_HEAD(ipt_tables);
 static inline int
 ip_packet_match(const struct iphdr *ip,
 const char *indev,
+#ifdef CONFIG_BRIDGE_NF
 const char *physindev,
+#endif
 const char *outdev,
+#ifdef CONFIG_BRIDGE_NF
 const char *physoutdev,
+#endif
 const struct ipt_ip *ipinfo,
 int isfrag)
 {
 size_t i;
 unsigned long ret;
- unsigned long ret2;
+ unsigned long ret2 = 1;
 #define FWINV(bool,invflg) ((bool) ^ !!(ipinfo->invflags & invflg))
@@ -160,11 +164,13 @@ ip_packet_match(const struct iphdr *ip,
 & ((const unsigned long *)ipinfo->iniface_mask)[i];
 }
+#ifdef CONFIG_BRIDGE_NF
 for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
 ret2 |= (((const unsigned long *)physindev)[i]
 ^ ((const unsigned long *)ipinfo->iniface)[i])
 & ((const unsigned long *)ipinfo->iniface_mask)[i];
 }
+#endif
 if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_IN)) {
 dprintf("VIA in mismatch (%s vs %s).%s\n",
@@ -179,11 +185,13 @@ ip_packet_match(const struct iphdr *ip,
 & ((const unsigned long *)ipinfo->outiface_mask)[i];
 }
+#ifdef CONFIG_BRIDGE_NF
 for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) {
 ret2 |= (((const unsigned long *)physoutdev)[i]
 ^ ((const unsigned long *)ipinfo->outiface)[i])
 & ((const unsigned long *)ipinfo->outiface_mask)[i];
 }
+#endif
 if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_OUT)) {
 dprintf("VIA out mismatch (%s vs %s).%s\n",
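Review bot: The guarded `memcpy(skb2->data - 16, skb->data - 16, 16);` in the @@ -895,7 +897,9 @@ hunk of ip_output.c reads and writes 16 bytes in front of `data` on both buffers, with no visible check that either has that much headroom. skb2's allocation is outside the hunk, so the space may be reserved there, but if it is not, the copy touches memory before the buffer head. I would make the requirement explicit, e.g. `if (skb_headroom(skb) >= 16 && skb_headroom(skb2) >= 16)` around the copy, or reserve the space where skb2 is allocated. The bare 16 should also become a named constant with a comment saying which header is being carried over to the fragment. ip_fragment's body starts and ends outside the hunk.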
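Review bot: The new initialiser `unsigned long ret2 = 1;` in the @@ -122,15 +122,19 @@ hunk of ip_tables.c is what keeps the interface tests correct without CONFIG_BRIDGE_NF, and nothing in the code says so: once the two physdev loops (hunks @@ -160 and @@ -179) are compiled out, `ret != 0 && ret2 != 0` reduces to `ret != 0` only because of it. I would add a comment on the declaration such as `/* stays non-zero without CONFIG_BRIDGE_NF: the physical device never matches, ret alone decides */`. With the option enabled, the same condition lets a rule's interface test pass when either the logical or the physical name matches, which also shapes how the IPT_INV_VIA_IN and IPT_INV_VIA_OUT inversions behave on bridged traffic, and that deserves a sentence next to the FWINV checks. The `#ifdef` blocks spliced into the parameter list here and into the call in ipt_do_table (@@ -332,7 +344,15 @@) have to be kept in step by hand; a single signature that always takes both names, with the caller passing `nulldevname`, would avoid that. ip_packet_match's body ends outside the hunk.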
@@ -284,7 +292,9 @@ ipt_do_table(struct sk_buff **pskb,
 /* Initializing verdict to NF_DROP keeps gcc happy. */
 unsigned int verdict = NF_DROP;
 const char *indev, *outdev;
+#ifdef CONFIG_BRIDGE_NF
 const char *physindev, *physoutdev;
+#endif
 void *table_base;
 struct ipt_entry *e, *back;
@@ -294,8 +304,10 @@ ipt_do_table(struct sk_buff **pskb,
 datalen = (*pskb)->len - ip->ihl * 4;
 indev = in ? in->name : nulldevname;
 outdev = out ? out->name : nulldevname;
+#ifdef CONFIG_BRIDGE_NF
 physindev = (*pskb)->physindev ? (*pskb)->physindev->name : nulldevname;
 physoutdev = (*pskb)->physoutdev ? (*pskb)->physoutdev->name : nulldevname;
+#endif
 /* We handle fragments by dealing with the first fragment as
 * if it was a normal packet. All other fragments are treated
@@ -332,7 +344,15 @@ ipt_do_table(struct sk_buff **pskb,
 IP_NF_ASSERT(e);
 IP_NF_ASSERT(back);
 (*pskb)->nfcache |= e->nfcache;
- if (ip_packet_match(ip, indev, physindev, outdev, physoutdev, &e->ip, offset)) {
+ if (ip_packet_match(ip, indev,
+#ifdef CONFIG_BRIDGE_NF
+ physindev,
+#endif
+ outdev,
+#ifdef CONFIG_BRIDGE_NF
+ physoutdev,
+#endif
+ &e->ip, offset)) {
 struct ipt_entry_target *t;
 if (IPT_MATCH_ITERATE(e, do_match,
diff --git a/br-nf-bds/linux/net/ipv4/netfilter/ipt_LOG.c b/br-nf-bds/linux/net/ipv4/netfilter/ipt_LOG.c
index 48bb12f..2c90f1b 100644
--- a/br-nf-bds/linux/net/ipv4/netfilter/ipt_LOG.c
+++ b/br-nf-bds/linux/net/ipv4/netfilter/ipt_LOG.c
@@ -286,11 +286,15 @@ ipt_log_target(struct sk_buff **pskb,
 spin_lock_bh(&log_lock);
 printk(level_string);
 printk("%sIN=%s ", loginfo->prefix, in ? in->name : "");
+#ifdef CONFIG_BRIDGE_NF
 if ((*pskb)->physindev && in != (*pskb)->physindev)
 printk("PHYSIN=%s ", (*pskb)->physindev->name);
+#endif
 printk("OUT=%s ", out ? out->name : "");
+#ifdef CONFIG_BRIDGE_NF
 if ((*pskb)->physoutdev && out != (*pskb)->physoutdev)
 printk("PHYSOUT=%s ", (*pskb)->physoutdev->name);
+#endif
 if (in && !out) {
 /* MAC logging for input chain only. */
-- cgit v1.2.3