#define brnf_filter_vlan_tagged 1
#endif
-#define IS_VLAN_IP (skb->protocol == htons(ETH_P_8021Q) && \
- hdr->h_vlan_encapsulated_proto == htons(ETH_P_IP) && \
- brnf_filter_vlan_tagged)
-#define IS_VLAN_IPV6 (skb->protocol == htons(ETH_P_8021Q) && \
- hdr->h_vlan_encapsulated_proto == htons(ETH_P_IPV6) && \
- brnf_filter_vlan_tagged)
-#define IS_VLAN_ARP (skb->protocol == htons(ETH_P_8021Q) && \
- hdr->h_vlan_encapsulated_proto == htons(ETH_P_ARP) && \
- brnf_filter_vlan_tagged)
+static __be16 inline vlan_proto(const struct sk_buff *skb)
+{
+ return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
+}
+
+#define IS_VLAN_IP(skb) \
+ (skb->protocol == htons(ETH_P_8021Q) && \
+ vlan_proto(skb) == htons(ETH_P_IP) && \
+ brnf_filter_vlan_tagged)
+
+#define IS_VLAN_IPV6(skb) \
+ (skb->protocol == htons(ETH_P_8021Q) && \
+ vlan_proto(skb) == htons(ETH_P_IPV6) &&\
+ brnf_filter_vlan_tagged)
+
+#define IS_VLAN_ARP(skb) \
+ (skb->protocol == htons(ETH_P_8021Q) && \
+ vlan_proto(skb) == htons(ETH_P_ARP) && \
+ brnf_filter_vlan_tagged)
/* We need these fake structures to make netfilter happy --
* lots of places assume that skb->dst != NULL, which isn't
return port ? port->br->dev : NULL;
}
+static inline struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
+{
+ skb->nf_bridge = kzalloc(sizeof(struct nf_bridge_info), GFP_ATOMIC);
+ if (likely(skb->nf_bridge))
+ atomic_set(&(skb->nf_bridge->use), 1);
+
+ return skb->nf_bridge;
+}
+
+static inline void nf_bridge_save_header(struct sk_buff *skb)
+{
+ int header_size = 16;
+
+ if (skb->protocol == htons(ETH_P_8021Q))
+ header_size = 18;
+
+ memcpy(skb->nf_bridge->data, skb->data - header_size, header_size);
+}
+
/* PF_BRIDGE/PRE_ROUTING *********************************************/
/* Undo the changes made for ip6tables PREROUTING and continue the
* bridge PRE_ROUTING hook. */
{
struct ipv6hdr *hdr;
u32 pkt_len;
- struct nf_bridge_info *nf_bridge;
if (skb->len < sizeof(struct ipv6hdr))
goto inhdr_error;
if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {
if (pkt_len + sizeof(struct ipv6hdr) > skb->len)
goto inhdr_error;
- if (pkt_len + sizeof(struct ipv6hdr) < skb->len) {
- if (__pskb_trim(skb, pkt_len + sizeof(struct ipv6hdr)))
- goto inhdr_error;
- if (skb->ip_summed == CHECKSUM_HW)
- skb->ip_summed = CHECKSUM_NONE;
- }
+ if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
+ goto inhdr_error;
}
if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb))
goto inhdr_error;
nf_bridge_put(skb->nf_bridge);
- if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
+ if (!nf_bridge_alloc(skb))
return NF_DROP;
if (!setup_pre_routing(skb))
return NF_DROP;
struct iphdr *iph;
__u32 len;
struct sk_buff *skb = *pskb;
- struct nf_bridge_info *nf_bridge;
- struct vlan_ethhdr *hdr = vlan_eth_hdr(*pskb);
- if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6) {
+ if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb)) {
#ifdef CONFIG_SYSCTL
if (!brnf_call_ip6tables)
return NF_ACCEPT;
return NF_ACCEPT;
#endif
- if (skb->protocol != htons(ETH_P_IP) && !IS_VLAN_IP)
+ if (skb->protocol != htons(ETH_P_IP) && !IS_VLAN_IP(skb))
return NF_ACCEPT;
if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
if (skb->len < len || len < 4 * iph->ihl)
goto inhdr_error;
- if (skb->len > len) {
- __pskb_trim(skb, len);
- if (skb->ip_summed == CHECKSUM_HW)
- skb->ip_summed = CHECKSUM_NONE;
- }
+ pskb_trim_rcsum(skb, len);
nf_bridge_put(skb->nf_bridge);
- if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
+ if (!nf_bridge_alloc(skb))
return NF_DROP;
if (!setup_pre_routing(skb))
return NF_DROP;
{
struct nf_bridge_info *nf_bridge = skb->nf_bridge;
struct net_device *in;
- struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
- if (skb->protocol != htons(ETH_P_ARP) && !IS_VLAN_ARP) {
+ if (skb->protocol != htons(ETH_P_ARP) && !IS_VLAN_ARP(skb)) {
in = nf_bridge->physindev;
if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST;
{
struct sk_buff *skb = *pskb;
struct nf_bridge_info *nf_bridge;
- struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
struct net_device *parent;
int pf;
if (!parent)
return NF_DROP;
- if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP)
+ if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
pf = PF_INET;
else
pf = PF_INET6;
int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
- struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
struct net_device **d = (struct net_device **)(skb->cb);
#ifdef CONFIG_SYSCTL
#endif
if (skb->protocol != htons(ETH_P_ARP)) {
- if (!IS_VLAN_ARP)
+ if (!IS_VLAN_ARP(skb))
return NF_ACCEPT;
skb_pull(*pskb, VLAN_HLEN);
(*pskb)->nh.raw += VLAN_HLEN;
}
if (skb->nh.arph->ar_pln != 4) {
- if (IS_VLAN_ARP) {
+ if (IS_VLAN_ARP(skb)) {
skb_push(*pskb, VLAN_HLEN);
(*pskb)->nh.raw -= VLAN_HLEN;
}
struct net_device *realindev, *realoutdev;
struct sk_buff *skb = *pskb;
struct nf_bridge_info *nf_bridge;
- struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
int pf;
if (!skb->nf_bridge)
return NF_ACCEPT;
- if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP)
+ if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
pf = PF_INET;
else
pf = PF_INET6;
return NF_STOLEN;
}
+static int br_nf_dev_queue_xmit(struct sk_buff *skb)
+{
+ if (skb->protocol == htons(ETH_P_IP) &&
+ skb->len > skb->dev->mtu &&
+ !(skb_shinfo(skb)->ufo_size || skb_shinfo(skb)->tso_size))
+ return ip_fragment(skb, br_dev_queue_push_xmit);
+ else
+ return br_dev_queue_push_xmit(skb);
+}
/* PF_BRIDGE/POST_ROUTING ********************************************/
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
{
struct sk_buff *skb = *pskb;
struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;
- struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
struct net_device *realoutdev = bridge_parent(skb->dev);
int pf;
if (!realoutdev)
return NF_DROP;
- if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP)
+ if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
pf = PF_INET;
else
pf = PF_INET6;
realoutdev = nf_bridge->netoutdev;
#endif
NF_HOOK(pf, NF_IP_POST_ROUTING, skb, NULL, realoutdev,
- br_dev_queue_push_xmit);
+ br_nf_dev_queue_xmit);
return NF_STOLEN;
if ((out->hard_start_xmit == br_dev_xmit &&
okfn != br_nf_forward_finish &&
- okfn != br_nf_local_out_finish && okfn != br_dev_queue_push_xmit)
+ okfn != br_nf_local_out_finish && okfn != br_nf_dev_queue_xmit)
#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
|| ((out->priv_flags & IFF_802_1Q_VLAN) &&
VLAN_DEV_INFO(out)->real_dev->hard_start_xmit == br_dev_xmit)