diff options
| -rw-r--r-- | net/bridge/br_netfilter_hooks.c | 16 |
1 files changed, 4 insertions, 12 deletions
diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c index 13f03671c88d..18905d4781db 100644 --- a/net/bridge/br_netfilter_hooks.c +++ b/net/bridge/br_netfilter_hooks.c | |||
| @@ -111,7 +111,6 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb) | |||
| 111 | /* largest possible L2 header, see br_nf_dev_queue_xmit() */ | 111 | /* largest possible L2 header, see br_nf_dev_queue_xmit() */ |
| 112 | #define NF_BRIDGE_MAX_MAC_HEADER_LENGTH (PPPOE_SES_HLEN + ETH_HLEN) | 112 | #define NF_BRIDGE_MAX_MAC_HEADER_LENGTH (PPPOE_SES_HLEN + ETH_HLEN) |
| 113 | 113 | ||
| 114 | #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) || IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) | ||
| 115 | struct brnf_frag_data { | 114 | struct brnf_frag_data { |
| 116 | char mac[NF_BRIDGE_MAX_MAC_HEADER_LENGTH]; | 115 | char mac[NF_BRIDGE_MAX_MAC_HEADER_LENGTH]; |
| 117 | u8 encap_size; | 116 | u8 encap_size; |
| @@ -121,7 +120,6 @@ struct brnf_frag_data { | |||
| 121 | }; | 120 | }; |
| 122 | 121 | ||
| 123 | static DEFINE_PER_CPU(struct brnf_frag_data, brnf_frag_data_storage); | 122 | static DEFINE_PER_CPU(struct brnf_frag_data, brnf_frag_data_storage); |
| 124 | #endif | ||
| 125 | 123 | ||
| 126 | static void nf_bridge_info_free(struct sk_buff *skb) | 124 | static void nf_bridge_info_free(struct sk_buff *skb) |
| 127 | { | 125 | { |
| @@ -666,7 +664,6 @@ static unsigned int br_nf_forward_arp(void *priv, | |||
| 666 | return NF_STOLEN; | 664 | return NF_STOLEN; |
| 667 | } | 665 | } |
| 668 | 666 | ||
| 669 | #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) || IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) | ||
| 670 | static int br_nf_push_frag_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) | 667 | static int br_nf_push_frag_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) |
| 671 | { | 668 | { |
| 672 | struct brnf_frag_data *data; | 669 | struct brnf_frag_data *data; |
| @@ -696,9 +693,7 @@ static int br_nf_push_frag_xmit_sk(struct sock *sk, struct sk_buff *skb) | |||
| 696 | struct net *net = dev_net(skb_dst(skb)->dev); | 693 | struct net *net = dev_net(skb_dst(skb)->dev); |
| 697 | return br_nf_push_frag_xmit(net, sk, skb); | 694 | return br_nf_push_frag_xmit(net, sk, skb); |
| 698 | } | 695 | } |
| 699 | #endif | ||
| 700 | 696 | ||
| 701 | #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) | ||
| 702 | static int | 697 | static int |
| 703 | br_nf_ip_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, | 698 | br_nf_ip_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, |
| 704 | int (*output)(struct sock *, struct sk_buff *)) | 699 | int (*output)(struct sock *, struct sk_buff *)) |
| @@ -716,7 +711,6 @@ br_nf_ip_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, | |||
| 716 | 711 | ||
| 717 | return ip_do_fragment(sk, skb, output); | 712 | return ip_do_fragment(sk, skb, output); |
| 718 | } | 713 | } |
| 719 | #endif | ||
| 720 | 714 | ||
| 721 | static unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb) | 715 | static unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb) |
| 722 | { | 716 | { |
| @@ -739,11 +733,11 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff | |||
| 739 | 733 | ||
| 740 | nf_bridge = nf_bridge_info_get(skb); | 734 | nf_bridge = nf_bridge_info_get(skb); |
| 741 | 735 | ||
| 742 | #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) | ||
| 743 | /* This is wrong! We should preserve the original fragment | 736 | /* This is wrong! We should preserve the original fragment |
| 744 | * boundaries by preserving frag_list rather than refragmenting. | 737 | * boundaries by preserving frag_list rather than refragmenting. |
| 745 | */ | 738 | */ |
| 746 | if (skb->protocol == htons(ETH_P_IP)) { | 739 | if (IS_ENABLED(CONFIG_NF_DEFRAG_IPV4) && |
| 740 | skb->protocol == htons(ETH_P_IP)) { | ||
| 747 | struct brnf_frag_data *data; | 741 | struct brnf_frag_data *data; |
| 748 | 742 | ||
| 749 | if (br_validate_ipv4(net, skb)) | 743 | if (br_validate_ipv4(net, skb)) |
| @@ -765,9 +759,8 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff | |||
| 765 | 759 | ||
| 766 | return br_nf_ip_fragment(net, sk, skb, br_nf_push_frag_xmit_sk); | 760 | return br_nf_ip_fragment(net, sk, skb, br_nf_push_frag_xmit_sk); |
| 767 | } | 761 | } |
| 768 | #endif | 762 | if (IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) && |
| 769 | #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6) | 763 | skb->protocol == htons(ETH_P_IPV6)) { |
| 770 | if (skb->protocol == htons(ETH_P_IPV6)) { | ||
| 771 | const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); | 764 | const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); |
| 772 | struct brnf_frag_data *data; | 765 | struct brnf_frag_data *data; |
| 773 | 766 | ||
| @@ -791,7 +784,6 @@ static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff | |||
| 791 | kfree_skb(skb); | 784 | kfree_skb(skb); |
| 792 | return -EMSGSIZE; | 785 | return -EMSGSIZE; |
| 793 | } | 786 | } |
| 794 | #endif | ||
| 795 | nf_bridge_info_free(skb); | 787 | nf_bridge_info_free(skb); |
| 796 | return br_dev_queue_push_xmit(net, sk, skb); | 788 | return br_dev_queue_push_xmit(net, sk, skb); |
| 797 | drop: | 789 | drop: |