authorHarald Welte <laforge@netfilter.org>2005-08-09 23:22:10 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2005-08-29 18:51:15 -0400
commitfbcd923c3e0c8ec9e4ed64f5a4e5766807b32729 (patch)
tree68aa12364efe574d3c8fa667ad088c8746843a5d /net/netfilter
parentf6ebe77f955d77a988ce726f0818ec0103b11323 (diff)
[NETFILTER]: add correct bridging support to nfnetlink_{queue,log}
This patch adds support for passing the real 'physical' device ifindex down to userspace via nfnetlink_log and nfnetlink_queue. This feature basically obsoletes net/bridge/netfilter/ebt_ulog.c, and it is likely ebt_ulog.c will die with one of the next couple of patches. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nfnetlink_log.c58
-rw-r--r--net/netfilter/nfnetlink_queue.c58
2 files changed, 116 insertions, 0 deletions
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index 11584289c26..464c9fa2934 100644
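--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -33,6 +33,10 @@
 
 #include <asm/atomic.h>
 
+#ifdef CONFIG_BRIDGE_NETFILTER
+#include "../bridge/br_private.h"
+#endif
+
 #define NFULNL_NLBUFSIZ_DEFAULT 4096
 #define NFULNL_TIMEOUT_DEFAULT 100 /* every second */
 #define NFULNL_QTHRESH_DEFAULT 100 /* 100 packets */
@@ -412,14 +416,64 @@ __build_packet_message(struct nfulnl_instance *inst,
 
  if (indev) {
  tmp_uint = htonl(indev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
  NFA_PUT(inst->skb, NFULA_IFINDEX_INDEV, sizeof(tmp_uint),
  &tmp_uint);
+#else
+ if (pf == PF_BRIDGE) {
+ /* Case 1: outdev is physical input device, we need to
+ * look for bridge group (when called from
+ * netfilter_bridge) */
+ NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSINDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ /* this is the bridge group "brX" */
+ tmp_uint = htonl(indev->br_port->br->dev->ifindex);
+ NFA_PUT(inst->skb, NFULA_IFINDEX_INDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ } else {
+ /* Case 2: indev is bridge group, we need to look for
+ * physical device (when called from ipv4) */
+ NFA_PUT(inst->skb, NFULA_IFINDEX_INDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ if (skb->nf_bridge && skb->nf_bridge->physindev) {
+ tmp_uint =
+ htonl(skb->nf_bridge->physindev->ifindex);
+ NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSINDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ }
+ }
+#endif
  }
 
  if (outdev) {
  tmp_uint = htonl(outdev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
  NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV, sizeof(tmp_uint),
  &tmp_uint);
+#else
+ if (pf == PF_BRIDGE) {
+ /* Case 1: outdev is physical output device, we need to
+ * look for bridge group (when called from
+ * netfilter_bridge) */
+ NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ /* this is the bridge group "brX" */
+ tmp_uint = htonl(outdev->br_port->br->dev->ifindex);
+ NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ } else {
+ /* Case 2: indev is a bridge group, we need to look
+ * for physical device (when called from ipv4) */
+ NFA_PUT(inst->skb, NFULA_IFINDEX_OUTDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ if (skb->nf_bridge) {
+ tmp_uint =
+ htonl(skb->nf_bridge->physoutdev->ifindex);
+ NFA_PUT(inst->skb, NFULA_IFINDEX_PHYSOUTDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ }
+ }
+#endif
  }
 
  if (skb->nfmark) {
@@ -536,6 +590,10 @@ nfulnl_log_packet(unsigned int pf,
  + NFA_SPACE(sizeof(struct nfulnl_msg_packet_hdr))
  + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
  + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
+#ifdef CONFIG_BRIDGE_NETFILTER
+ + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
+ + NFA_SPACE(sizeof(u_int32_t)) /* ifindex */
+#endif
  + NFA_SPACE(sizeof(u_int32_t)) /* mark */
  + NFA_SPACE(sizeof(u_int32_t)) /* uid */
  + NFA_SPACE(NFULNL_PREFIXLEN) /* prefix */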
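Review bot: In the non-bridge outdev branch (new lines 469-471) `skb->nf_bridge->physoutdev->ifindex` is dereferenced after checking only `skb->nf_bridge`, whereas the matching indev branch and both branches in nfnetlink_queue.c also test the phys device pointer. If physoutdev is not yet set when the log target runs, this is a NULL dereference in the packet path, so the guard should read `if (skb->nf_bridge && skb->nf_bridge->physoutdev) {`. The comments at new lines 424 and 465 also name the wrong device ("outdev is physical input device" in the indev block, "indev is a bridge group" in the outdev block) and should be corrected while here. __build_packet_message starts and ends outside the hunk.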
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 04323ee1eb8..bf9223084b4 100644
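--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -30,6 +30,10 @@
 
 #include <asm/atomic.h>
 
+#ifdef CONFIG_BRIDGE_NETFILTER
+#include "../bridge/br_private.h"
+#endif
+
 #define NFQNL_QMAX_DEFAULT 1024
 
 #if 0
@@ -361,6 +365,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
  size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr))
  + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
  + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
+#ifdef CONFIG_BRIDGE_NETFILTER
+ + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
+ + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
+#endif
  + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */
  + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw))
  + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));
@@ -412,12 +420,62 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
 
  if (entry->info->indev) {
  tmp_uint = htonl(entry->info->indev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
  NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);
+#else
+ if (entry->info->pf == PF_BRIDGE) {
+ /* Case 1: indev is physical input device, we need to
+ * look for bridge group (when called from
+ * netfilter_bridge) */
+ NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint),
+ &tmp_uint);
+ /* this is the bridge group "brX" */
+ tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex);
+ NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
+ &tmp_uint);
+ } else {
+ /* Case 2: indev is bridge group, we need to look for
+ * physical device (when called from ipv4) */
+ NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
+ &tmp_uint);
+ if (entry->skb->nf_bridge
+ && entry->skb->nf_bridge->physindev) {
+ tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex);
+ NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ }
+ }
+#endif
  }
 
  if (entry->info->outdev) {
  tmp_uint = htonl(entry->info->outdev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
  NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);
+#else
+ if (entry->info->pf == PF_BRIDGE) {
+ /* Case 1: outdev is physical output device, we need to
+ * look for bridge group (when called from
+ * netfilter_bridge) */
+ NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint),
+ &tmp_uint);
+ /* this is the bridge group "brX" */
+ tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex);
+ NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
+ &tmp_uint);
+ } else {
+ /* Case 2: outdev is bridge group, we need to look for
+ * physical output device (when called from ipv4) */
+ NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
+ &tmp_uint);
+ if (entry->skb->nf_bridge
+ && entry->skb->nf_bridge->physoutdev) {
+ tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex);
+ NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV,
+ sizeof(tmp_uint), &tmp_uint);
+ }
+ }
+#endif
  }
 
  if (entry->skb->nfmark) {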
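Review bot: The PF_BRIDGE branches at new lines 433 and 463 walk `entry->info->indev->br_port->br->dev` and `entry->info->outdev->br_port->br->dev` with no NULL check on `br_port`, and the same chain appears in nfnetlink_log.c at new lines 430 and 461. Presumably a bridge hook only passes enslaved ports, but nothing visible here guarantees that or keeps the port alive across the dereference, so a device that is not (or is no longer) a bridge port would oops while the message is being built. A guard such as `if (entry->info->indev->br_port)` around the bridge-group lookup, emitting only the PHYSINDEV/PHYSOUTDEV attribute otherwise, would make the assumption explicit. nfqnl_build_packet_message begins and ends outside the hunk.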