diff options
Diffstat (limited to 'net/bridge')
37 files changed, 1153 insertions, 555 deletions
diff --git a/net/bridge/Kconfig b/net/bridge/Kconfig index d115d5cea5b..9190ae462cb 100644 --- a/net/bridge/Kconfig +++ b/net/bridge/Kconfig | |||
@@ -33,14 +33,14 @@ config BRIDGE | |||
33 | If unsure, say N. | 33 | If unsure, say N. |
34 | 34 | ||
35 | config BRIDGE_IGMP_SNOOPING | 35 | config BRIDGE_IGMP_SNOOPING |
36 | bool "IGMP snooping" | 36 | bool "IGMP/MLD snooping" |
37 | depends on BRIDGE | 37 | depends on BRIDGE |
38 | depends on INET | 38 | depends on INET |
39 | default y | 39 | default y |
40 | ---help--- | 40 | ---help--- |
41 | If you say Y here, then the Ethernet bridge will be able selectively | 41 | If you say Y here, then the Ethernet bridge will be able selectively |
42 | forward multicast traffic based on IGMP traffic received from each | 42 | forward multicast traffic based on IGMP/MLD traffic received from |
43 | port. | 43 | each port. |
44 | 44 | ||
45 | Say N to exclude this support and reduce the binary size. | 45 | Say N to exclude this support and reduce the binary size. |
46 | 46 | ||
diff --git a/net/bridge/br.c b/net/bridge/br.c index e1241c76239..76357b54775 100644 --- a/net/bridge/br.c +++ b/net/bridge/br.c | |||
@@ -38,7 +38,7 @@ static int __init br_init(void) | |||
38 | 38 | ||
39 | err = stp_proto_register(&br_stp_proto); | 39 | err = stp_proto_register(&br_stp_proto); |
40 | if (err < 0) { | 40 | if (err < 0) { |
41 | printk(KERN_ERR "bridge: can't register sap for STP\n"); | 41 | pr_err("bridge: can't register sap for STP\n"); |
42 | return err; | 42 | return err; |
43 | } | 43 | } |
44 | 44 | ||
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 90a9024e5c1..eedf2c94820 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c | |||
@@ -13,8 +13,11 @@ | |||
13 | 13 | ||
14 | #include <linux/kernel.h> | 14 | #include <linux/kernel.h> |
15 | #include <linux/netdevice.h> | 15 | #include <linux/netdevice.h> |
16 | #include <linux/netpoll.h> | ||
16 | #include <linux/etherdevice.h> | 17 | #include <linux/etherdevice.h> |
17 | #include <linux/ethtool.h> | 18 | #include <linux/ethtool.h> |
19 | #include <linux/list.h> | ||
20 | #include <linux/netfilter_bridge.h> | ||
18 | 21 | ||
19 | #include <asm/uaccess.h> | 22 | #include <asm/uaccess.h> |
20 | #include "br_private.h" | 23 | #include "br_private.h" |
@@ -26,16 +29,24 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) | |||
26 | const unsigned char *dest = skb->data; | 29 | const unsigned char *dest = skb->data; |
27 | struct net_bridge_fdb_entry *dst; | 30 | struct net_bridge_fdb_entry *dst; |
28 | struct net_bridge_mdb_entry *mdst; | 31 | struct net_bridge_mdb_entry *mdst; |
32 | struct br_cpu_netstats *brstats = this_cpu_ptr(br->stats); | ||
29 | 33 | ||
30 | BR_INPUT_SKB_CB(skb)->brdev = dev; | 34 | #ifdef CONFIG_BRIDGE_NETFILTER |
35 | if (skb->nf_bridge && (skb->nf_bridge->mask & BRNF_BRIDGED_DNAT)) { | ||
36 | br_nf_pre_routing_finish_bridge_slow(skb); | ||
37 | return NETDEV_TX_OK; | ||
38 | } | ||
39 | #endif | ||
31 | 40 | ||
32 | dev->stats.tx_packets++; | 41 | brstats->tx_packets++; |
33 | dev->stats.tx_bytes += skb->len; | 42 | brstats->tx_bytes += skb->len; |
43 | |||
44 | BR_INPUT_SKB_CB(skb)->brdev = dev; | ||
34 | 45 | ||
35 | skb_reset_mac_header(skb); | 46 | skb_reset_mac_header(skb); |
36 | skb_pull(skb, ETH_HLEN); | 47 | skb_pull(skb, ETH_HLEN); |
37 | 48 | ||
38 | if (dest[0] & 1) { | 49 | if (is_multicast_ether_addr(dest)) { |
39 | if (br_multicast_rcv(br, NULL, skb)) | 50 | if (br_multicast_rcv(br, NULL, skb)) |
40 | goto out; | 51 | goto out; |
41 | 52 | ||
@@ -81,6 +92,31 @@ static int br_dev_stop(struct net_device *dev) | |||
81 | return 0; | 92 | return 0; |
82 | } | 93 | } |
83 | 94 | ||
95 | static struct net_device_stats *br_get_stats(struct net_device *dev) | ||
96 | { | ||
97 | struct net_bridge *br = netdev_priv(dev); | ||
98 | struct net_device_stats *stats = &dev->stats; | ||
99 | struct br_cpu_netstats sum = { 0 }; | ||
100 | unsigned int cpu; | ||
101 | |||
102 | for_each_possible_cpu(cpu) { | ||
103 | const struct br_cpu_netstats *bstats | ||
104 | = per_cpu_ptr(br->stats, cpu); | ||
105 | |||
106 | sum.tx_bytes += bstats->tx_bytes; | ||
107 | sum.tx_packets += bstats->tx_packets; | ||
108 | sum.rx_bytes += bstats->rx_bytes; | ||
109 | sum.rx_packets += bstats->rx_packets; | ||
110 | } | ||
111 | |||
112 | stats->tx_bytes = sum.tx_bytes; | ||
113 | stats->tx_packets = sum.tx_packets; | ||
114 | stats->rx_bytes = sum.rx_bytes; | ||
115 | stats->rx_packets = sum.rx_packets; | ||
116 | |||
117 | return stats; | ||
118 | } | ||
119 | |||
84 | static int br_change_mtu(struct net_device *dev, int new_mtu) | 120 | static int br_change_mtu(struct net_device *dev, int new_mtu) |
85 | { | 121 | { |
86 | struct net_bridge *br = netdev_priv(dev); | 122 | struct net_bridge *br = netdev_priv(dev); |
@@ -162,6 +198,78 @@ static int br_set_tx_csum(struct net_device *dev, u32 data) | |||
162 | return 0; | 198 | return 0; |
163 | } | 199 | } |
164 | 200 | ||
201 | #ifdef CONFIG_NET_POLL_CONTROLLER | ||
202 | static bool br_devices_support_netpoll(struct net_bridge *br) | ||
203 | { | ||
204 | struct net_bridge_port *p; | ||
205 | bool ret = true; | ||
206 | int count = 0; | ||
207 | unsigned long flags; | ||
208 | |||
209 | spin_lock_irqsave(&br->lock, flags); | ||
210 | list_for_each_entry(p, &br->port_list, list) { | ||
211 | count++; | ||
212 | if ((p->dev->priv_flags & IFF_DISABLE_NETPOLL) || | ||
213 | !p->dev->netdev_ops->ndo_poll_controller) | ||
214 | ret = false; | ||
215 | } | ||
216 | spin_unlock_irqrestore(&br->lock, flags); | ||
217 | return count != 0 && ret; | ||
218 | } | ||
219 | |||
220 | static void br_poll_controller(struct net_device *br_dev) | ||
221 | { | ||
222 | struct netpoll *np = br_dev->npinfo->netpoll; | ||
223 | |||
224 | if (np->real_dev != br_dev) | ||
225 | netpoll_poll_dev(np->real_dev); | ||
226 | } | ||
227 | |||
228 | void br_netpoll_cleanup(struct net_device *dev) | ||
229 | { | ||
230 | struct net_bridge *br = netdev_priv(dev); | ||
231 | struct net_bridge_port *p, *n; | ||
232 | const struct net_device_ops *ops; | ||
233 | |||
234 | br->dev->npinfo = NULL; | ||
235 | list_for_each_entry_safe(p, n, &br->port_list, list) { | ||
236 | if (p->dev) { | ||
237 | ops = p->dev->netdev_ops; | ||
238 | if (ops->ndo_netpoll_cleanup) | ||
239 | ops->ndo_netpoll_cleanup(p->dev); | ||
240 | else | ||
241 | p->dev->npinfo = NULL; | ||
242 | } | ||
243 | } | ||
244 | } | ||
245 | |||
246 | void br_netpoll_disable(struct net_bridge *br, | ||
247 | struct net_device *dev) | ||
248 | { | ||
249 | if (br_devices_support_netpoll(br)) | ||
250 | br->dev->priv_flags &= ~IFF_DISABLE_NETPOLL; | ||
251 | if (dev->netdev_ops->ndo_netpoll_cleanup) | ||
252 | dev->netdev_ops->ndo_netpoll_cleanup(dev); | ||
253 | else | ||
254 | dev->npinfo = NULL; | ||
255 | } | ||
256 | |||
257 | void br_netpoll_enable(struct net_bridge *br, | ||
258 | struct net_device *dev) | ||
259 | { | ||
260 | if (br_devices_support_netpoll(br)) { | ||
261 | br->dev->priv_flags &= ~IFF_DISABLE_NETPOLL; | ||
262 | if (br->dev->npinfo) | ||
263 | dev->npinfo = br->dev->npinfo; | ||
264 | } else if (!(br->dev->priv_flags & IFF_DISABLE_NETPOLL)) { | ||
265 | br->dev->priv_flags |= IFF_DISABLE_NETPOLL; | ||
266 | br_info(br,"new device %s does not support netpoll (disabling)", | ||
267 | dev->name); | ||
268 | } | ||
269 | } | ||
270 | |||
271 | #endif | ||
272 | |||
165 | static const struct ethtool_ops br_ethtool_ops = { | 273 | static const struct ethtool_ops br_ethtool_ops = { |
166 | .get_drvinfo = br_getinfo, | 274 | .get_drvinfo = br_getinfo, |
167 | .get_link = ethtool_op_get_link, | 275 | .get_link = ethtool_op_get_link, |
@@ -180,19 +288,32 @@ static const struct net_device_ops br_netdev_ops = { | |||
180 | .ndo_open = br_dev_open, | 288 | .ndo_open = br_dev_open, |
181 | .ndo_stop = br_dev_stop, | 289 | .ndo_stop = br_dev_stop, |
182 | .ndo_start_xmit = br_dev_xmit, | 290 | .ndo_start_xmit = br_dev_xmit, |
291 | .ndo_get_stats = br_get_stats, | ||
183 | .ndo_set_mac_address = br_set_mac_address, | 292 | .ndo_set_mac_address = br_set_mac_address, |
184 | .ndo_set_multicast_list = br_dev_set_multicast_list, | 293 | .ndo_set_multicast_list = br_dev_set_multicast_list, |
185 | .ndo_change_mtu = br_change_mtu, | 294 | .ndo_change_mtu = br_change_mtu, |
186 | .ndo_do_ioctl = br_dev_ioctl, | 295 | .ndo_do_ioctl = br_dev_ioctl, |
296 | #ifdef CONFIG_NET_POLL_CONTROLLER | ||
297 | .ndo_netpoll_cleanup = br_netpoll_cleanup, | ||
298 | .ndo_poll_controller = br_poll_controller, | ||
299 | #endif | ||
187 | }; | 300 | }; |
188 | 301 | ||
302 | static void br_dev_free(struct net_device *dev) | ||
303 | { | ||
304 | struct net_bridge *br = netdev_priv(dev); | ||
305 | |||
306 | free_percpu(br->stats); | ||
307 | free_netdev(dev); | ||
308 | } | ||
309 | |||
189 | void br_dev_setup(struct net_device *dev) | 310 | void br_dev_setup(struct net_device *dev) |
190 | { | 311 | { |
191 | random_ether_addr(dev->dev_addr); | 312 | random_ether_addr(dev->dev_addr); |
192 | ether_setup(dev); | 313 | ether_setup(dev); |
193 | 314 | ||
194 | dev->netdev_ops = &br_netdev_ops; | 315 | dev->netdev_ops = &br_netdev_ops; |
195 | dev->destructor = free_netdev; | 316 | dev->destructor = br_dev_free; |
196 | SET_ETHTOOL_OPS(dev, &br_ethtool_ops); | 317 | SET_ETHTOOL_OPS(dev, &br_ethtool_ops); |
197 | dev->tx_queue_len = 0; | 318 | dev->tx_queue_len = 0; |
198 | dev->priv_flags = IFF_EBRIDGE; | 319 | dev->priv_flags = IFF_EBRIDGE; |
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c index 9101a4e5620..26637439965 100644 --- a/net/bridge/br_fdb.c +++ b/net/bridge/br_fdb.c | |||
@@ -353,8 +353,7 @@ static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source, | |||
353 | */ | 353 | */ |
354 | if (fdb->is_local) | 354 | if (fdb->is_local) |
355 | return 0; | 355 | return 0; |
356 | 356 | br_warn(br, "adding interface %s with same address " | |
357 | printk(KERN_WARNING "%s adding interface with same address " | ||
358 | "as a received packet\n", | 357 | "as a received packet\n", |
359 | source->dev->name); | 358 | source->dev->name); |
360 | fdb_delete(fdb); | 359 | fdb_delete(fdb); |
@@ -397,9 +396,9 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source, | |||
397 | /* attempt to update an entry for a local interface */ | 396 | /* attempt to update an entry for a local interface */ |
398 | if (unlikely(fdb->is_local)) { | 397 | if (unlikely(fdb->is_local)) { |
399 | if (net_ratelimit()) | 398 | if (net_ratelimit()) |
400 | printk(KERN_WARNING "%s: received packet with " | 399 | br_warn(br, "received packet on %s with " |
401 | "own address as source address\n", | 400 | "own address as source address\n", |
402 | source->dev->name); | 401 | source->dev->name); |
403 | } else { | 402 | } else { |
404 | /* fastpath: update of existing entry */ | 403 | /* fastpath: update of existing entry */ |
405 | fdb->dst = source; | 404 | fdb->dst = source; |
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c index 7a241c39698..a98ef139309 100644 --- a/net/bridge/br_forward.c +++ b/net/bridge/br_forward.c | |||
@@ -15,6 +15,7 @@ | |||
15 | #include <linux/slab.h> | 15 | #include <linux/slab.h> |
16 | #include <linux/kernel.h> | 16 | #include <linux/kernel.h> |
17 | #include <linux/netdevice.h> | 17 | #include <linux/netdevice.h> |
18 | #include <linux/netpoll.h> | ||
18 | #include <linux/skbuff.h> | 19 | #include <linux/skbuff.h> |
19 | #include <linux/if_vlan.h> | 20 | #include <linux/if_vlan.h> |
20 | #include <linux/netfilter_bridge.h> | 21 | #include <linux/netfilter_bridge.h> |
@@ -44,13 +45,19 @@ int br_dev_queue_push_xmit(struct sk_buff *skb) | |||
44 | if (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb)) | 45 | if (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb)) |
45 | kfree_skb(skb); | 46 | kfree_skb(skb); |
46 | else { | 47 | else { |
47 | /* ip_refrag calls ip_fragment, doesn't copy the MAC header. */ | 48 | /* ip_fragment doesn't copy the MAC header */ |
48 | if (nf_bridge_maybe_copy_header(skb)) | 49 | if (nf_bridge_maybe_copy_header(skb)) |
49 | kfree_skb(skb); | 50 | kfree_skb(skb); |
50 | else { | 51 | else { |
51 | skb_push(skb, ETH_HLEN); | 52 | skb_push(skb, ETH_HLEN); |
52 | 53 | ||
53 | dev_queue_xmit(skb); | 54 | #ifdef CONFIG_NET_POLL_CONTROLLER |
55 | if (unlikely(skb->dev->priv_flags & IFF_IN_NETPOLL)) { | ||
56 | netpoll_send_skb(skb->dev->npinfo->netpoll, skb); | ||
57 | skb->dev->priv_flags &= ~IFF_IN_NETPOLL; | ||
58 | } else | ||
59 | #endif | ||
60 | dev_queue_xmit(skb); | ||
54 | } | 61 | } |
55 | } | 62 | } |
56 | 63 | ||
@@ -59,16 +66,30 @@ int br_dev_queue_push_xmit(struct sk_buff *skb) | |||
59 | 66 | ||
60 | int br_forward_finish(struct sk_buff *skb) | 67 | int br_forward_finish(struct sk_buff *skb) |
61 | { | 68 | { |
62 | return NF_HOOK(PF_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, | 69 | return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, |
63 | br_dev_queue_push_xmit); | 70 | br_dev_queue_push_xmit); |
64 | 71 | ||
65 | } | 72 | } |
66 | 73 | ||
67 | static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) | 74 | static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) |
68 | { | 75 | { |
76 | #ifdef CONFIG_NET_POLL_CONTROLLER | ||
77 | struct net_bridge *br = to->br; | ||
78 | if (unlikely(br->dev->priv_flags & IFF_IN_NETPOLL)) { | ||
79 | struct netpoll *np; | ||
80 | to->dev->npinfo = skb->dev->npinfo; | ||
81 | np = skb->dev->npinfo->netpoll; | ||
82 | np->real_dev = np->dev = to->dev; | ||
83 | to->dev->priv_flags |= IFF_IN_NETPOLL; | ||
84 | } | ||
85 | #endif | ||
69 | skb->dev = to->dev; | 86 | skb->dev = to->dev; |
70 | NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, | 87 | NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, |
71 | br_forward_finish); | 88 | br_forward_finish); |
89 | #ifdef CONFIG_NET_POLL_CONTROLLER | ||
90 | if (skb->dev->npinfo) | ||
91 | skb->dev->npinfo->netpoll->dev = br->dev; | ||
92 | #endif | ||
72 | } | 93 | } |
73 | 94 | ||
74 | static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb) | 95 | static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb) |
@@ -84,8 +105,8 @@ static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb) | |||
84 | skb->dev = to->dev; | 105 | skb->dev = to->dev; |
85 | skb_forward_csum(skb); | 106 | skb_forward_csum(skb); |
86 | 107 | ||
87 | NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, | 108 | NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, |
88 | br_forward_finish); | 109 | br_forward_finish); |
89 | } | 110 | } |
90 | 111 | ||
91 | /* called with rcu_read_lock */ | 112 | /* called with rcu_read_lock */ |
@@ -208,17 +229,15 @@ static void br_multicast_flood(struct net_bridge_mdb_entry *mdst, | |||
208 | { | 229 | { |
209 | struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; | 230 | struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; |
210 | struct net_bridge *br = netdev_priv(dev); | 231 | struct net_bridge *br = netdev_priv(dev); |
211 | struct net_bridge_port *port; | 232 | struct net_bridge_port *prev = NULL; |
212 | struct net_bridge_port *lport, *rport; | ||
213 | struct net_bridge_port *prev; | ||
214 | struct net_bridge_port_group *p; | 233 | struct net_bridge_port_group *p; |
215 | struct hlist_node *rp; | 234 | struct hlist_node *rp; |
216 | 235 | ||
217 | prev = NULL; | 236 | rp = rcu_dereference(br->router_list.first); |
218 | 237 | p = mdst ? rcu_dereference(mdst->ports) : NULL; | |
219 | rp = br->router_list.first; | ||
220 | p = mdst ? mdst->ports : NULL; | ||
221 | while (p || rp) { | 238 | while (p || rp) { |
239 | struct net_bridge_port *port, *lport, *rport; | ||
240 | |||
222 | lport = p ? p->port : NULL; | 241 | lport = p ? p->port : NULL; |
223 | rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) : | 242 | rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) : |
224 | NULL; | 243 | NULL; |
@@ -231,9 +250,9 @@ static void br_multicast_flood(struct net_bridge_mdb_entry *mdst, | |||
231 | goto out; | 250 | goto out; |
232 | 251 | ||
233 | if ((unsigned long)lport >= (unsigned long)port) | 252 | if ((unsigned long)lport >= (unsigned long)port) |
234 | p = p->next; | 253 | p = rcu_dereference(p->next); |
235 | if ((unsigned long)rport >= (unsigned long)port) | 254 | if ((unsigned long)rport >= (unsigned long)port) |
236 | rp = rp->next; | 255 | rp = rcu_dereference(rp->next); |
237 | } | 256 | } |
238 | 257 | ||
239 | if (!prev) | 258 | if (!prev) |
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index 0b6b1f2ff7a..18b245e2c00 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c | |||
@@ -13,6 +13,7 @@ | |||
13 | 13 | ||
14 | #include <linux/kernel.h> | 14 | #include <linux/kernel.h> |
15 | #include <linux/netdevice.h> | 15 | #include <linux/netdevice.h> |
16 | #include <linux/netpoll.h> | ||
16 | #include <linux/ethtool.h> | 17 | #include <linux/ethtool.h> |
17 | #include <linux/if_arp.h> | 18 | #include <linux/if_arp.h> |
18 | #include <linux/module.h> | 19 | #include <linux/module.h> |
@@ -132,7 +133,7 @@ static void del_nbp(struct net_bridge_port *p) | |||
132 | struct net_bridge *br = p->br; | 133 | struct net_bridge *br = p->br; |
133 | struct net_device *dev = p->dev; | 134 | struct net_device *dev = p->dev; |
134 | 135 | ||
135 | sysfs_remove_link(br->ifobj, dev->name); | 136 | sysfs_remove_link(br->ifobj, p->dev->name); |
136 | 137 | ||
137 | dev_set_promiscuity(dev, -1); | 138 | dev_set_promiscuity(dev, -1); |
138 | 139 | ||
@@ -153,6 +154,7 @@ static void del_nbp(struct net_bridge_port *p) | |||
153 | kobject_uevent(&p->kobj, KOBJ_REMOVE); | 154 | kobject_uevent(&p->kobj, KOBJ_REMOVE); |
154 | kobject_del(&p->kobj); | 155 | kobject_del(&p->kobj); |
155 | 156 | ||
157 | br_netpoll_disable(br, dev); | ||
156 | call_rcu(&p->rcu, destroy_nbp_rcu); | 158 | call_rcu(&p->rcu, destroy_nbp_rcu); |
157 | } | 159 | } |
158 | 160 | ||
@@ -165,6 +167,8 @@ static void del_br(struct net_bridge *br, struct list_head *head) | |||
165 | del_nbp(p); | 167 | del_nbp(p); |
166 | } | 168 | } |
167 | 169 | ||
170 | br_netpoll_cleanup(br->dev); | ||
171 | |||
168 | del_timer_sync(&br->gc_timer); | 172 | del_timer_sync(&br->gc_timer); |
169 | 173 | ||
170 | br_sysfs_delbr(br->dev); | 174 | br_sysfs_delbr(br->dev); |
@@ -186,6 +190,12 @@ static struct net_device *new_bridge_dev(struct net *net, const char *name) | |||
186 | br = netdev_priv(dev); | 190 | br = netdev_priv(dev); |
187 | br->dev = dev; | 191 | br->dev = dev; |
188 | 192 | ||
193 | br->stats = alloc_percpu(struct br_cpu_netstats); | ||
194 | if (!br->stats) { | ||
195 | free_netdev(dev); | ||
196 | return NULL; | ||
197 | } | ||
198 | |||
189 | spin_lock_init(&br->lock); | 199 | spin_lock_init(&br->lock); |
190 | INIT_LIST_HEAD(&br->port_list); | 200 | INIT_LIST_HEAD(&br->port_list); |
191 | spin_lock_init(&br->hash_lock); | 201 | spin_lock_init(&br->hash_lock); |
@@ -438,6 +448,8 @@ int br_add_if(struct net_bridge *br, struct net_device *dev) | |||
438 | 448 | ||
439 | kobject_uevent(&p->kobj, KOBJ_ADD); | 449 | kobject_uevent(&p->kobj, KOBJ_ADD); |
440 | 450 | ||
451 | br_netpoll_enable(br, dev); | ||
452 | |||
441 | return 0; | 453 | return 0; |
442 | err2: | 454 | err2: |
443 | br_fdb_delete_by_port(br, p, 1); | 455 | br_fdb_delete_by_port(br, p, 1); |
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index a82dde2d2ea..d36e700f7a2 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c | |||
@@ -24,14 +24,16 @@ const u8 br_group_address[ETH_ALEN] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 }; | |||
24 | static int br_pass_frame_up(struct sk_buff *skb) | 24 | static int br_pass_frame_up(struct sk_buff *skb) |
25 | { | 25 | { |
26 | struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev; | 26 | struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev; |
27 | struct net_bridge *br = netdev_priv(brdev); | ||
28 | struct br_cpu_netstats *brstats = this_cpu_ptr(br->stats); | ||
27 | 29 | ||
28 | brdev->stats.rx_packets++; | 30 | brstats->rx_packets++; |
29 | brdev->stats.rx_bytes += skb->len; | 31 | brstats->rx_bytes += skb->len; |
30 | 32 | ||
31 | indev = skb->dev; | 33 | indev = skb->dev; |
32 | skb->dev = brdev; | 34 | skb->dev = brdev; |
33 | 35 | ||
34 | return NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, | 36 | return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, |
35 | netif_receive_skb); | 37 | netif_receive_skb); |
36 | } | 38 | } |
37 | 39 | ||
@@ -154,7 +156,7 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb) | |||
154 | if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0) | 156 | if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0) |
155 | goto forward; | 157 | goto forward; |
156 | 158 | ||
157 | if (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, | 159 | if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, |
158 | NULL, br_handle_local_finish)) | 160 | NULL, br_handle_local_finish)) |
159 | return NULL; /* frame consumed by filter */ | 161 | return NULL; /* frame consumed by filter */ |
160 | else | 162 | else |
@@ -175,7 +177,7 @@ forward: | |||
175 | if (!compare_ether_addr(p->br->dev->dev_addr, dest)) | 177 | if (!compare_ether_addr(p->br->dev->dev_addr, dest)) |
176 | skb->pkt_type = PACKET_HOST; | 178 | skb->pkt_type = PACKET_HOST; |
177 | 179 | ||
178 | NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, | 180 | NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, |
179 | br_handle_frame_finish); | 181 | br_handle_frame_finish); |
180 | break; | 182 | break; |
181 | default: | 183 | default: |
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c index 995afc4b04d..cb43312b846 100644 --- a/net/bridge/br_ioctl.c +++ b/net/bridge/br_ioctl.c | |||
@@ -412,6 +412,6 @@ int br_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) | |||
412 | 412 | ||
413 | } | 413 | } |
414 | 414 | ||
415 | pr_debug("Bridge does not support ioctl 0x%x\n", cmd); | 415 | br_debug(br, "Bridge does not support ioctl 0x%x\n", cmd); |
416 | return -EOPNOTSUPP; | 416 | return -EOPNOTSUPP; |
417 | } | 417 | } |
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index eaa0e1bae49..9d21d98ae5f 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c | |||
@@ -24,51 +24,139 @@ | |||
24 | #include <linux/slab.h> | 24 | #include <linux/slab.h> |
25 | #include <linux/timer.h> | 25 | #include <linux/timer.h> |
26 | #include <net/ip.h> | 26 | #include <net/ip.h> |
27 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
28 | #include <net/ipv6.h> | ||
29 | #include <net/mld.h> | ||
30 | #include <net/addrconf.h> | ||
31 | #include <net/ip6_checksum.h> | ||
32 | #endif | ||
27 | 33 | ||
28 | #include "br_private.h" | 34 | #include "br_private.h" |
29 | 35 | ||
30 | static inline int br_ip_hash(struct net_bridge_mdb_htable *mdb, __be32 ip) | 36 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
37 | static inline int ipv6_is_local_multicast(const struct in6_addr *addr) | ||
31 | { | 38 | { |
32 | return jhash_1word(mdb->secret, (u32)ip) & (mdb->max - 1); | 39 | if (ipv6_addr_is_multicast(addr) && |
40 | IPV6_ADDR_MC_SCOPE(addr) <= IPV6_ADDR_SCOPE_LINKLOCAL) | ||
41 | return 1; | ||
42 | return 0; | ||
43 | } | ||
44 | #endif | ||
45 | |||
46 | static inline int br_ip_equal(const struct br_ip *a, const struct br_ip *b) | ||
47 | { | ||
48 | if (a->proto != b->proto) | ||
49 | return 0; | ||
50 | switch (a->proto) { | ||
51 | case htons(ETH_P_IP): | ||
52 | return a->u.ip4 == b->u.ip4; | ||
53 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
54 | case htons(ETH_P_IPV6): | ||
55 | return ipv6_addr_equal(&a->u.ip6, &b->u.ip6); | ||
56 | #endif | ||
57 | } | ||
58 | return 0; | ||
59 | } | ||
60 | |||
61 | static inline int __br_ip4_hash(struct net_bridge_mdb_htable *mdb, __be32 ip) | ||
62 | { | ||
63 | return jhash_1word(mdb->secret, (__force u32)ip) & (mdb->max - 1); | ||
64 | } | ||
65 | |||
66 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
67 | static inline int __br_ip6_hash(struct net_bridge_mdb_htable *mdb, | ||
68 | const struct in6_addr *ip) | ||
69 | { | ||
70 | return jhash2((__force u32 *)ip->s6_addr32, 4, mdb->secret) & (mdb->max - 1); | ||
71 | } | ||
72 | #endif | ||
73 | |||
74 | static inline int br_ip_hash(struct net_bridge_mdb_htable *mdb, | ||
75 | struct br_ip *ip) | ||
76 | { | ||
77 | switch (ip->proto) { | ||
78 | case htons(ETH_P_IP): | ||
79 | return __br_ip4_hash(mdb, ip->u.ip4); | ||
80 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
81 | case htons(ETH_P_IPV6): | ||
82 | return __br_ip6_hash(mdb, &ip->u.ip6); | ||
83 | #endif | ||
84 | } | ||
85 | return 0; | ||
33 | } | 86 | } |
34 | 87 | ||
35 | static struct net_bridge_mdb_entry *__br_mdb_ip_get( | 88 | static struct net_bridge_mdb_entry *__br_mdb_ip_get( |
36 | struct net_bridge_mdb_htable *mdb, __be32 dst, int hash) | 89 | struct net_bridge_mdb_htable *mdb, struct br_ip *dst, int hash) |
37 | { | 90 | { |
38 | struct net_bridge_mdb_entry *mp; | 91 | struct net_bridge_mdb_entry *mp; |
39 | struct hlist_node *p; | 92 | struct hlist_node *p; |
40 | 93 | ||
41 | hlist_for_each_entry_rcu(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) { | 94 | hlist_for_each_entry_rcu(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) { |
42 | if (dst == mp->addr) | 95 | if (br_ip_equal(&mp->addr, dst)) |
43 | return mp; | 96 | return mp; |
44 | } | 97 | } |
45 | 98 | ||
46 | return NULL; | 99 | return NULL; |
47 | } | 100 | } |
48 | 101 | ||
49 | static struct net_bridge_mdb_entry *br_mdb_ip_get( | 102 | static struct net_bridge_mdb_entry *br_mdb_ip4_get( |
50 | struct net_bridge_mdb_htable *mdb, __be32 dst) | 103 | struct net_bridge_mdb_htable *mdb, __be32 dst) |
51 | { | 104 | { |
52 | if (!mdb) | 105 | struct br_ip br_dst; |
53 | return NULL; | 106 | |
107 | br_dst.u.ip4 = dst; | ||
108 | br_dst.proto = htons(ETH_P_IP); | ||
109 | |||
110 | return __br_mdb_ip_get(mdb, &br_dst, __br_ip4_hash(mdb, dst)); | ||
111 | } | ||
112 | |||
113 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
114 | static struct net_bridge_mdb_entry *br_mdb_ip6_get( | ||
115 | struct net_bridge_mdb_htable *mdb, const struct in6_addr *dst) | ||
116 | { | ||
117 | struct br_ip br_dst; | ||
118 | |||
119 | ipv6_addr_copy(&br_dst.u.ip6, dst); | ||
120 | br_dst.proto = htons(ETH_P_IPV6); | ||
54 | 121 | ||
122 | return __br_mdb_ip_get(mdb, &br_dst, __br_ip6_hash(mdb, dst)); | ||
123 | } | ||
124 | #endif | ||
125 | |||
126 | static struct net_bridge_mdb_entry *br_mdb_ip_get( | ||
127 | struct net_bridge_mdb_htable *mdb, struct br_ip *dst) | ||
128 | { | ||
55 | return __br_mdb_ip_get(mdb, dst, br_ip_hash(mdb, dst)); | 129 | return __br_mdb_ip_get(mdb, dst, br_ip_hash(mdb, dst)); |
56 | } | 130 | } |
57 | 131 | ||
58 | struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br, | 132 | struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br, |
59 | struct sk_buff *skb) | 133 | struct sk_buff *skb) |
60 | { | 134 | { |
61 | if (br->multicast_disabled) | 135 | struct net_bridge_mdb_htable *mdb = br->mdb; |
136 | struct br_ip ip; | ||
137 | |||
138 | if (!mdb || br->multicast_disabled) | ||
62 | return NULL; | 139 | return NULL; |
63 | 140 | ||
141 | if (BR_INPUT_SKB_CB(skb)->igmp) | ||
142 | return NULL; | ||
143 | |||
144 | ip.proto = skb->protocol; | ||
145 | |||
64 | switch (skb->protocol) { | 146 | switch (skb->protocol) { |
65 | case htons(ETH_P_IP): | 147 | case htons(ETH_P_IP): |
66 | if (BR_INPUT_SKB_CB(skb)->igmp) | 148 | ip.u.ip4 = ip_hdr(skb)->daddr; |
67 | break; | 149 | break; |
68 | return br_mdb_ip_get(br->mdb, ip_hdr(skb)->daddr); | 150 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) |
151 | case htons(ETH_P_IPV6): | ||
152 | ipv6_addr_copy(&ip.u.ip6, &ipv6_hdr(skb)->daddr); | ||
153 | break; | ||
154 | #endif | ||
155 | default: | ||
156 | return NULL; | ||
69 | } | 157 | } |
70 | 158 | ||
71 | return NULL; | 159 | return br_mdb_ip_get(mdb, &ip); |
72 | } | 160 | } |
73 | 161 | ||
74 | static void br_mdb_free(struct rcu_head *head) | 162 | static void br_mdb_free(struct rcu_head *head) |
@@ -95,7 +183,7 @@ static int br_mdb_copy(struct net_bridge_mdb_htable *new, | |||
95 | for (i = 0; i < old->max; i++) | 183 | for (i = 0; i < old->max; i++) |
96 | hlist_for_each_entry(mp, p, &old->mhash[i], hlist[old->ver]) | 184 | hlist_for_each_entry(mp, p, &old->mhash[i], hlist[old->ver]) |
97 | hlist_add_head(&mp->hlist[new->ver], | 185 | hlist_add_head(&mp->hlist[new->ver], |
98 | &new->mhash[br_ip_hash(new, mp->addr)]); | 186 | &new->mhash[br_ip_hash(new, &mp->addr)]); |
99 | 187 | ||
100 | if (!elasticity) | 188 | if (!elasticity) |
101 | return 0; | 189 | return 0; |
@@ -163,7 +251,7 @@ static void br_multicast_del_pg(struct net_bridge *br, | |||
163 | struct net_bridge_port_group *p; | 251 | struct net_bridge_port_group *p; |
164 | struct net_bridge_port_group **pp; | 252 | struct net_bridge_port_group **pp; |
165 | 253 | ||
166 | mp = br_mdb_ip_get(mdb, pg->addr); | 254 | mp = br_mdb_ip_get(mdb, &pg->addr); |
167 | if (WARN_ON(!mp)) | 255 | if (WARN_ON(!mp)) |
168 | return; | 256 | return; |
169 | 257 | ||
@@ -171,7 +259,7 @@ static void br_multicast_del_pg(struct net_bridge *br, | |||
171 | if (p != pg) | 259 | if (p != pg) |
172 | continue; | 260 | continue; |
173 | 261 | ||
174 | *pp = p->next; | 262 | rcu_assign_pointer(*pp, p->next); |
175 | hlist_del_init(&p->mglist); | 263 | hlist_del_init(&p->mglist); |
176 | del_timer(&p->timer); | 264 | del_timer(&p->timer); |
177 | del_timer(&p->query_timer); | 265 | del_timer(&p->query_timer); |
@@ -249,8 +337,8 @@ out: | |||
249 | return 0; | 337 | return 0; |
250 | } | 338 | } |
251 | 339 | ||
252 | static struct sk_buff *br_multicast_alloc_query(struct net_bridge *br, | 340 | static struct sk_buff *br_ip4_multicast_alloc_query(struct net_bridge *br, |
253 | __be32 group) | 341 | __be32 group) |
254 | { | 342 | { |
255 | struct sk_buff *skb; | 343 | struct sk_buff *skb; |
256 | struct igmphdr *ih; | 344 | struct igmphdr *ih; |
@@ -314,12 +402,104 @@ out: | |||
314 | return skb; | 402 | return skb; |
315 | } | 403 | } |
316 | 404 | ||
405 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
406 | static struct sk_buff *br_ip6_multicast_alloc_query(struct net_bridge *br, | ||
407 | struct in6_addr *group) | ||
408 | { | ||
409 | struct sk_buff *skb; | ||
410 | struct ipv6hdr *ip6h; | ||
411 | struct mld_msg *mldq; | ||
412 | struct ethhdr *eth; | ||
413 | u8 *hopopt; | ||
414 | unsigned long interval; | ||
415 | |||
416 | skb = netdev_alloc_skb_ip_align(br->dev, sizeof(*eth) + sizeof(*ip6h) + | ||
417 | 8 + sizeof(*mldq)); | ||
418 | if (!skb) | ||
419 | goto out; | ||
420 | |||
421 | skb->protocol = htons(ETH_P_IPV6); | ||
422 | |||
423 | /* Ethernet header */ | ||
424 | skb_reset_mac_header(skb); | ||
425 | eth = eth_hdr(skb); | ||
426 | |||
427 | memcpy(eth->h_source, br->dev->dev_addr, 6); | ||
428 | ipv6_eth_mc_map(group, eth->h_dest); | ||
429 | eth->h_proto = htons(ETH_P_IPV6); | ||
430 | skb_put(skb, sizeof(*eth)); | ||
431 | |||
432 | /* IPv6 header + HbH option */ | ||
433 | skb_set_network_header(skb, skb->len); | ||
434 | ip6h = ipv6_hdr(skb); | ||
435 | |||
436 | *(__force __be32 *)ip6h = htonl(0x60000000); | ||
437 | ip6h->payload_len = 8 + sizeof(*mldq); | ||
438 | ip6h->nexthdr = IPPROTO_HOPOPTS; | ||
439 | ip6h->hop_limit = 1; | ||
440 | ipv6_addr_set(&ip6h->saddr, 0, 0, 0, 0); | ||
441 | ipv6_addr_set(&ip6h->daddr, htonl(0xff020000), 0, 0, htonl(1)); | ||
442 | |||
443 | hopopt = (u8 *)(ip6h + 1); | ||
444 | hopopt[0] = IPPROTO_ICMPV6; /* next hdr */ | ||
445 | hopopt[1] = 0; /* length of HbH */ | ||
446 | hopopt[2] = IPV6_TLV_ROUTERALERT; /* Router Alert */ | ||
447 | hopopt[3] = 2; /* Length of RA Option */ | ||
448 | hopopt[4] = 0; /* Type = 0x0000 (MLD) */ | ||
449 | hopopt[5] = 0; | ||
450 | hopopt[6] = IPV6_TLV_PAD0; /* Pad0 */ | ||
451 | hopopt[7] = IPV6_TLV_PAD0; /* Pad0 */ | ||
452 | |||
453 | skb_put(skb, sizeof(*ip6h) + 8); | ||
454 | |||
455 | /* ICMPv6 */ | ||
456 | skb_set_transport_header(skb, skb->len); | ||
457 | mldq = (struct mld_msg *) icmp6_hdr(skb); | ||
458 | |||
459 | interval = ipv6_addr_any(group) ? br->multicast_last_member_interval : | ||
460 | br->multicast_query_response_interval; | ||
461 | |||
462 | mldq->mld_type = ICMPV6_MGM_QUERY; | ||
463 | mldq->mld_code = 0; | ||
464 | mldq->mld_cksum = 0; | ||
465 | mldq->mld_maxdelay = htons((u16)jiffies_to_msecs(interval)); | ||
466 | mldq->mld_reserved = 0; | ||
467 | ipv6_addr_copy(&mldq->mld_mca, group); | ||
468 | |||
469 | /* checksum */ | ||
470 | mldq->mld_cksum = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr, | ||
471 | sizeof(*mldq), IPPROTO_ICMPV6, | ||
472 | csum_partial(mldq, | ||
473 | sizeof(*mldq), 0)); | ||
474 | skb_put(skb, sizeof(*mldq)); | ||
475 | |||
476 | __skb_pull(skb, sizeof(*eth)); | ||
477 | |||
478 | out: | ||
479 | return skb; | ||
480 | } | ||
481 | #endif | ||
482 | |||
483 | static struct sk_buff *br_multicast_alloc_query(struct net_bridge *br, | ||
484 | struct br_ip *addr) | ||
485 | { | ||
486 | switch (addr->proto) { | ||
487 | case htons(ETH_P_IP): | ||
488 | return br_ip4_multicast_alloc_query(br, addr->u.ip4); | ||
489 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
490 | case htons(ETH_P_IPV6): | ||
491 | return br_ip6_multicast_alloc_query(br, &addr->u.ip6); | ||
492 | #endif | ||
493 | } | ||
494 | return NULL; | ||
495 | } | ||
496 | |||
317 | static void br_multicast_send_group_query(struct net_bridge_mdb_entry *mp) | 497 | static void br_multicast_send_group_query(struct net_bridge_mdb_entry *mp) |
318 | { | 498 | { |
319 | struct net_bridge *br = mp->br; | 499 | struct net_bridge *br = mp->br; |
320 | struct sk_buff *skb; | 500 | struct sk_buff *skb; |
321 | 501 | ||
322 | skb = br_multicast_alloc_query(br, mp->addr); | 502 | skb = br_multicast_alloc_query(br, &mp->addr); |
323 | if (!skb) | 503 | if (!skb) |
324 | goto timer; | 504 | goto timer; |
325 | 505 | ||
@@ -353,7 +533,7 @@ static void br_multicast_send_port_group_query(struct net_bridge_port_group *pg) | |||
353 | struct net_bridge *br = port->br; | 533 | struct net_bridge *br = port->br; |
354 | struct sk_buff *skb; | 534 | struct sk_buff *skb; |
355 | 535 | ||
356 | skb = br_multicast_alloc_query(br, pg->addr); | 536 | skb = br_multicast_alloc_query(br, &pg->addr); |
357 | if (!skb) | 537 | if (!skb) |
358 | goto timer; | 538 | goto timer; |
359 | 539 | ||
@@ -383,8 +563,8 @@ out: | |||
383 | } | 563 | } |
384 | 564 | ||
385 | static struct net_bridge_mdb_entry *br_multicast_get_group( | 565 | static struct net_bridge_mdb_entry *br_multicast_get_group( |
386 | struct net_bridge *br, struct net_bridge_port *port, __be32 group, | 566 | struct net_bridge *br, struct net_bridge_port *port, |
387 | int hash) | 567 | struct br_ip *group, int hash) |
388 | { | 568 | { |
389 | struct net_bridge_mdb_htable *mdb = br->mdb; | 569 | struct net_bridge_mdb_htable *mdb = br->mdb; |
390 | struct net_bridge_mdb_entry *mp; | 570 | struct net_bridge_mdb_entry *mp; |
@@ -396,9 +576,8 @@ static struct net_bridge_mdb_entry *br_multicast_get_group( | |||
396 | 576 | ||
397 | hlist_for_each_entry(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) { | 577 | hlist_for_each_entry(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) { |
398 | count++; | 578 | count++; |
399 | if (unlikely(group == mp->addr)) { | 579 | if (unlikely(br_ip_equal(group, &mp->addr))) |
400 | return mp; | 580 | return mp; |
401 | } | ||
402 | } | 581 | } |
403 | 582 | ||
404 | elasticity = 0; | 583 | elasticity = 0; |
@@ -406,10 +585,9 @@ static struct net_bridge_mdb_entry *br_multicast_get_group( | |||
406 | 585 | ||
407 | if (unlikely(count > br->hash_elasticity && count)) { | 586 | if (unlikely(count > br->hash_elasticity && count)) { |
408 | if (net_ratelimit()) | 587 | if (net_ratelimit()) |
409 | printk(KERN_INFO "%s: Multicast hash table " | 588 | br_info(br, "Multicast hash table " |
410 | "chain limit reached: %s\n", | 589 | "chain limit reached: %s\n", |
411 | br->dev->name, port ? port->dev->name : | 590 | port ? port->dev->name : br->dev->name); |
412 | br->dev->name); | ||
413 | 591 | ||
414 | elasticity = br->hash_elasticity; | 592 | elasticity = br->hash_elasticity; |
415 | } | 593 | } |
@@ -417,11 +595,9 @@ static struct net_bridge_mdb_entry *br_multicast_get_group( | |||
417 | if (mdb->size >= max) { | 595 | if (mdb->size >= max) { |
418 | max *= 2; | 596 | max *= 2; |
419 | if (unlikely(max >= br->hash_max)) { | 597 | if (unlikely(max >= br->hash_max)) { |
420 | printk(KERN_WARNING "%s: Multicast hash table maximum " | 598 | br_warn(br, "Multicast hash table maximum " |
421 | "reached, disabling snooping: %s, %d\n", | 599 | "reached, disabling snooping: %s, %d\n", |
422 | br->dev->name, port ? port->dev->name : | 600 | port ? port->dev->name : br->dev->name, max); |
423 | br->dev->name, | ||
424 | max); | ||
425 | err = -E2BIG; | 601 | err = -E2BIG; |
426 | disable: | 602 | disable: |
427 | br->multicast_disabled = 1; | 603 | br->multicast_disabled = 1; |
@@ -432,22 +608,19 @@ disable: | |||
432 | if (max > mdb->max || elasticity) { | 608 | if (max > mdb->max || elasticity) { |
433 | if (mdb->old) { | 609 | if (mdb->old) { |
434 | if (net_ratelimit()) | 610 | if (net_ratelimit()) |
435 | printk(KERN_INFO "%s: Multicast hash table " | 611 | br_info(br, "Multicast hash table " |
436 | "on fire: %s\n", | 612 | "on fire: %s\n", |
437 | br->dev->name, port ? port->dev->name : | 613 | port ? port->dev->name : br->dev->name); |
438 | br->dev->name); | ||
439 | err = -EEXIST; | 614 | err = -EEXIST; |
440 | goto err; | 615 | goto err; |
441 | } | 616 | } |
442 | 617 | ||
443 | err = br_mdb_rehash(&br->mdb, max, elasticity); | 618 | err = br_mdb_rehash(&br->mdb, max, elasticity); |
444 | if (err) { | 619 | if (err) { |
445 | printk(KERN_WARNING "%s: Cannot rehash multicast " | 620 | br_warn(br, "Cannot rehash multicast " |
446 | "hash table, disabling snooping: " | 621 | "hash table, disabling snooping: %s, %d, %d\n", |
447 | "%s, %d, %d\n", | 622 | port ? port->dev->name : br->dev->name, |
448 | br->dev->name, port ? port->dev->name : | 623 | mdb->size, err); |
449 | br->dev->name, | ||
450 | mdb->size, err); | ||
451 | goto disable; | 624 | goto disable; |
452 | } | 625 | } |
453 | 626 | ||
@@ -463,7 +636,8 @@ err: | |||
463 | } | 636 | } |
464 | 637 | ||
465 | static struct net_bridge_mdb_entry *br_multicast_new_group( | 638 | static struct net_bridge_mdb_entry *br_multicast_new_group( |
466 | struct net_bridge *br, struct net_bridge_port *port, __be32 group) | 639 | struct net_bridge *br, struct net_bridge_port *port, |
640 | struct br_ip *group) | ||
467 | { | 641 | { |
468 | struct net_bridge_mdb_htable *mdb = br->mdb; | 642 | struct net_bridge_mdb_htable *mdb = br->mdb; |
469 | struct net_bridge_mdb_entry *mp; | 643 | struct net_bridge_mdb_entry *mp; |
@@ -496,7 +670,7 @@ rehash: | |||
496 | goto out; | 670 | goto out; |
497 | 671 | ||
498 | mp->br = br; | 672 | mp->br = br; |
499 | mp->addr = group; | 673 | mp->addr = *group; |
500 | setup_timer(&mp->timer, br_multicast_group_expired, | 674 | setup_timer(&mp->timer, br_multicast_group_expired, |
501 | (unsigned long)mp); | 675 | (unsigned long)mp); |
502 | setup_timer(&mp->query_timer, br_multicast_group_query_expired, | 676 | setup_timer(&mp->query_timer, br_multicast_group_query_expired, |
@@ -510,7 +684,8 @@ out: | |||
510 | } | 684 | } |
511 | 685 | ||
512 | static int br_multicast_add_group(struct net_bridge *br, | 686 | static int br_multicast_add_group(struct net_bridge *br, |
513 | struct net_bridge_port *port, __be32 group) | 687 | struct net_bridge_port *port, |
688 | struct br_ip *group) | ||
514 | { | 689 | { |
515 | struct net_bridge_mdb_entry *mp; | 690 | struct net_bridge_mdb_entry *mp; |
516 | struct net_bridge_port_group *p; | 691 | struct net_bridge_port_group *p; |
@@ -518,9 +693,6 @@ static int br_multicast_add_group(struct net_bridge *br, | |||
518 | unsigned long now = jiffies; | 693 | unsigned long now = jiffies; |
519 | int err; | 694 | int err; |
520 | 695 | ||
521 | if (ipv4_is_local_multicast(group)) | ||
522 | return 0; | ||
523 | |||
524 | spin_lock(&br->multicast_lock); | 696 | spin_lock(&br->multicast_lock); |
525 | if (!netif_running(br->dev) || | 697 | if (!netif_running(br->dev) || |
526 | (port && port->state == BR_STATE_DISABLED)) | 698 | (port && port->state == BR_STATE_DISABLED)) |
@@ -549,7 +721,7 @@ static int br_multicast_add_group(struct net_bridge *br, | |||
549 | if (unlikely(!p)) | 721 | if (unlikely(!p)) |
550 | goto err; | 722 | goto err; |
551 | 723 | ||
552 | p->addr = group; | 724 | p->addr = *group; |
553 | p->port = port; | 725 | p->port = port; |
554 | p->next = *pp; | 726 | p->next = *pp; |
555 | hlist_add_head(&p->mglist, &port->mglist); | 727 | hlist_add_head(&p->mglist, &port->mglist); |
@@ -570,6 +742,38 @@ err: | |||
570 | return err; | 742 | return err; |
571 | } | 743 | } |
572 | 744 | ||
745 | static int br_ip4_multicast_add_group(struct net_bridge *br, | ||
746 | struct net_bridge_port *port, | ||
747 | __be32 group) | ||
748 | { | ||
749 | struct br_ip br_group; | ||
750 | |||
751 | if (ipv4_is_local_multicast(group)) | ||
752 | return 0; | ||
753 | |||
754 | br_group.u.ip4 = group; | ||
755 | br_group.proto = htons(ETH_P_IP); | ||
756 | |||
757 | return br_multicast_add_group(br, port, &br_group); | ||
758 | } | ||
759 | |||
760 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
761 | static int br_ip6_multicast_add_group(struct net_bridge *br, | ||
762 | struct net_bridge_port *port, | ||
763 | const struct in6_addr *group) | ||
764 | { | ||
765 | struct br_ip br_group; | ||
766 | |||
767 | if (ipv6_is_local_multicast(group)) | ||
768 | return 0; | ||
769 | |||
770 | ipv6_addr_copy(&br_group.u.ip6, group); | ||
771 | br_group.proto = htons(ETH_P_IP); | ||
772 | |||
773 | return br_multicast_add_group(br, port, &br_group); | ||
774 | } | ||
775 | #endif | ||
776 | |||
573 | static void br_multicast_router_expired(unsigned long data) | 777 | static void br_multicast_router_expired(unsigned long data) |
574 | { | 778 | { |
575 | struct net_bridge_port *port = (void *)data; | 779 | struct net_bridge_port *port = (void *)data; |
@@ -591,29 +795,45 @@ static void br_multicast_local_router_expired(unsigned long data) | |||
591 | { | 795 | { |
592 | } | 796 | } |
593 | 797 | ||
594 | static void br_multicast_send_query(struct net_bridge *br, | 798 | static void __br_multicast_send_query(struct net_bridge *br, |
595 | struct net_bridge_port *port, u32 sent) | 799 | struct net_bridge_port *port, |
800 | struct br_ip *ip) | ||
596 | { | 801 | { |
597 | unsigned long time; | ||
598 | struct sk_buff *skb; | 802 | struct sk_buff *skb; |
599 | 803 | ||
600 | if (!netif_running(br->dev) || br->multicast_disabled || | 804 | skb = br_multicast_alloc_query(br, ip); |
601 | timer_pending(&br->multicast_querier_timer)) | ||
602 | return; | ||
603 | |||
604 | skb = br_multicast_alloc_query(br, 0); | ||
605 | if (!skb) | 805 | if (!skb) |
606 | goto timer; | 806 | return; |
607 | 807 | ||
608 | if (port) { | 808 | if (port) { |
609 | __skb_push(skb, sizeof(struct ethhdr)); | 809 | __skb_push(skb, sizeof(struct ethhdr)); |
610 | skb->dev = port->dev; | 810 | skb->dev = port->dev; |
611 | NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, | 811 | NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, |
612 | dev_queue_xmit); | 812 | dev_queue_xmit); |
613 | } else | 813 | } else |
614 | netif_rx(skb); | 814 | netif_rx(skb); |
815 | } | ||
816 | |||
817 | static void br_multicast_send_query(struct net_bridge *br, | ||
818 | struct net_bridge_port *port, u32 sent) | ||
819 | { | ||
820 | unsigned long time; | ||
821 | struct br_ip br_group; | ||
822 | |||
823 | if (!netif_running(br->dev) || br->multicast_disabled || | ||
824 | timer_pending(&br->multicast_querier_timer)) | ||
825 | return; | ||
826 | |||
827 | memset(&br_group.u, 0, sizeof(br_group.u)); | ||
828 | |||
829 | br_group.proto = htons(ETH_P_IP); | ||
830 | __br_multicast_send_query(br, port, &br_group); | ||
831 | |||
832 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
833 | br_group.proto = htons(ETH_P_IPV6); | ||
834 | __br_multicast_send_query(br, port, &br_group); | ||
835 | #endif | ||
615 | 836 | ||
616 | timer: | ||
617 | time = jiffies; | 837 | time = jiffies; |
618 | time += sent < br->multicast_startup_query_count ? | 838 | time += sent < br->multicast_startup_query_count ? |
619 | br->multicast_startup_query_interval : | 839 | br->multicast_startup_query_interval : |
@@ -698,9 +918,9 @@ void br_multicast_disable_port(struct net_bridge_port *port) | |||
698 | spin_unlock(&br->multicast_lock); | 918 | spin_unlock(&br->multicast_lock); |
699 | } | 919 | } |
700 | 920 | ||
701 | static int br_multicast_igmp3_report(struct net_bridge *br, | 921 | static int br_ip4_multicast_igmp3_report(struct net_bridge *br, |
702 | struct net_bridge_port *port, | 922 | struct net_bridge_port *port, |
703 | struct sk_buff *skb) | 923 | struct sk_buff *skb) |
704 | { | 924 | { |
705 | struct igmpv3_report *ih; | 925 | struct igmpv3_report *ih; |
706 | struct igmpv3_grec *grec; | 926 | struct igmpv3_grec *grec; |
@@ -745,7 +965,7 @@ static int br_multicast_igmp3_report(struct net_bridge *br, | |||
745 | continue; | 965 | continue; |
746 | } | 966 | } |
747 | 967 | ||
748 | err = br_multicast_add_group(br, port, group); | 968 | err = br_ip4_multicast_add_group(br, port, group); |
749 | if (err) | 969 | if (err) |
750 | break; | 970 | break; |
751 | } | 971 | } |
@@ -753,24 +973,87 @@ static int br_multicast_igmp3_report(struct net_bridge *br, | |||
753 | return err; | 973 | return err; |
754 | } | 974 | } |
755 | 975 | ||
976 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
977 | static int br_ip6_multicast_mld2_report(struct net_bridge *br, | ||
978 | struct net_bridge_port *port, | ||
979 | struct sk_buff *skb) | ||
980 | { | ||
981 | struct icmp6hdr *icmp6h; | ||
982 | struct mld2_grec *grec; | ||
983 | int i; | ||
984 | int len; | ||
985 | int num; | ||
986 | int err = 0; | ||
987 | |||
988 | if (!pskb_may_pull(skb, sizeof(*icmp6h))) | ||
989 | return -EINVAL; | ||
990 | |||
991 | icmp6h = icmp6_hdr(skb); | ||
992 | num = ntohs(icmp6h->icmp6_dataun.un_data16[1]); | ||
993 | len = sizeof(*icmp6h); | ||
994 | |||
995 | for (i = 0; i < num; i++) { | ||
996 | __be16 *nsrcs, _nsrcs; | ||
997 | |||
998 | nsrcs = skb_header_pointer(skb, | ||
999 | len + offsetof(struct mld2_grec, | ||
1000 | grec_mca), | ||
1001 | sizeof(_nsrcs), &_nsrcs); | ||
1002 | if (!nsrcs) | ||
1003 | return -EINVAL; | ||
1004 | |||
1005 | if (!pskb_may_pull(skb, | ||
1006 | len + sizeof(*grec) + | ||
1007 | sizeof(struct in6_addr) * (*nsrcs))) | ||
1008 | return -EINVAL; | ||
1009 | |||
1010 | grec = (struct mld2_grec *)(skb->data + len); | ||
1011 | len += sizeof(*grec) + sizeof(struct in6_addr) * (*nsrcs); | ||
1012 | |||
1013 | /* We treat these as MLDv1 reports for now. */ | ||
1014 | switch (grec->grec_type) { | ||
1015 | case MLD2_MODE_IS_INCLUDE: | ||
1016 | case MLD2_MODE_IS_EXCLUDE: | ||
1017 | case MLD2_CHANGE_TO_INCLUDE: | ||
1018 | case MLD2_CHANGE_TO_EXCLUDE: | ||
1019 | case MLD2_ALLOW_NEW_SOURCES: | ||
1020 | case MLD2_BLOCK_OLD_SOURCES: | ||
1021 | break; | ||
1022 | |||
1023 | default: | ||
1024 | continue; | ||
1025 | } | ||
1026 | |||
1027 | err = br_ip6_multicast_add_group(br, port, &grec->grec_mca); | ||
1028 | if (!err) | ||
1029 | break; | ||
1030 | } | ||
1031 | |||
1032 | return err; | ||
1033 | } | ||
1034 | #endif | ||
1035 | |||
1036 | /* | ||
1037 | * Add port to rotuer_list | ||
1038 | * list is maintained ordered by pointer value | ||
1039 | * and locked by br->multicast_lock and RCU | ||
1040 | */ | ||
756 | static void br_multicast_add_router(struct net_bridge *br, | 1041 | static void br_multicast_add_router(struct net_bridge *br, |
757 | struct net_bridge_port *port) | 1042 | struct net_bridge_port *port) |
758 | { | 1043 | { |
759 | struct hlist_node *p; | 1044 | struct net_bridge_port *p; |
760 | struct hlist_node **h; | 1045 | struct hlist_node *n, *slot = NULL; |
761 | 1046 | ||
762 | for (h = &br->router_list.first; | 1047 | hlist_for_each_entry(p, n, &br->router_list, rlist) { |
763 | (p = *h) && | 1048 | if ((unsigned long) port >= (unsigned long) p) |
764 | (unsigned long)container_of(p, struct net_bridge_port, rlist) > | 1049 | break; |
765 | (unsigned long)port; | 1050 | slot = n; |
766 | h = &p->next) | 1051 | } |
767 | ; | 1052 | |
768 | 1053 | if (slot) | |
769 | port->rlist.pprev = h; | 1054 | hlist_add_after_rcu(slot, &port->rlist); |
770 | port->rlist.next = p; | 1055 | else |
771 | rcu_assign_pointer(*h, &port->rlist); | 1056 | hlist_add_head_rcu(&port->rlist, &br->router_list); |
772 | if (p) | ||
773 | p->pprev = &port->rlist.next; | ||
774 | } | 1057 | } |
775 | 1058 | ||
776 | static void br_multicast_mark_router(struct net_bridge *br, | 1059 | static void br_multicast_mark_router(struct net_bridge *br, |
@@ -800,7 +1083,7 @@ timer: | |||
800 | 1083 | ||
801 | static void br_multicast_query_received(struct net_bridge *br, | 1084 | static void br_multicast_query_received(struct net_bridge *br, |
802 | struct net_bridge_port *port, | 1085 | struct net_bridge_port *port, |
803 | __be32 saddr) | 1086 | int saddr) |
804 | { | 1087 | { |
805 | if (saddr) | 1088 | if (saddr) |
806 | mod_timer(&br->multicast_querier_timer, | 1089 | mod_timer(&br->multicast_querier_timer, |
@@ -811,9 +1094,9 @@ static void br_multicast_query_received(struct net_bridge *br, | |||
811 | br_multicast_mark_router(br, port); | 1094 | br_multicast_mark_router(br, port); |
812 | } | 1095 | } |
813 | 1096 | ||
814 | static int br_multicast_query(struct net_bridge *br, | 1097 | static int br_ip4_multicast_query(struct net_bridge *br, |
815 | struct net_bridge_port *port, | 1098 | struct net_bridge_port *port, |
816 | struct sk_buff *skb) | 1099 | struct sk_buff *skb) |
817 | { | 1100 | { |
818 | struct iphdr *iph = ip_hdr(skb); | 1101 | struct iphdr *iph = ip_hdr(skb); |
819 | struct igmphdr *ih = igmp_hdr(skb); | 1102 | struct igmphdr *ih = igmp_hdr(skb); |
@@ -831,7 +1114,7 @@ static int br_multicast_query(struct net_bridge *br, | |||
831 | (port && port->state == BR_STATE_DISABLED)) | 1114 | (port && port->state == BR_STATE_DISABLED)) |
832 | goto out; | 1115 | goto out; |
833 | 1116 | ||
834 | br_multicast_query_received(br, port, iph->saddr); | 1117 | br_multicast_query_received(br, port, !!iph->saddr); |
835 | 1118 | ||
836 | group = ih->group; | 1119 | group = ih->group; |
837 | 1120 | ||
@@ -859,7 +1142,7 @@ static int br_multicast_query(struct net_bridge *br, | |||
859 | if (!group) | 1142 | if (!group) |
860 | goto out; | 1143 | goto out; |
861 | 1144 | ||
862 | mp = br_mdb_ip_get(br->mdb, group); | 1145 | mp = br_mdb_ip4_get(br->mdb, group); |
863 | if (!mp) | 1146 | if (!mp) |
864 | goto out; | 1147 | goto out; |
865 | 1148 | ||
@@ -883,9 +1166,78 @@ out: | |||
883 | return err; | 1166 | return err; |
884 | } | 1167 | } |
885 | 1168 | ||
1169 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
1170 | static int br_ip6_multicast_query(struct net_bridge *br, | ||
1171 | struct net_bridge_port *port, | ||
1172 | struct sk_buff *skb) | ||
1173 | { | ||
1174 | struct ipv6hdr *ip6h = ipv6_hdr(skb); | ||
1175 | struct mld_msg *mld = (struct mld_msg *) icmp6_hdr(skb); | ||
1176 | struct net_bridge_mdb_entry *mp; | ||
1177 | struct mld2_query *mld2q; | ||
1178 | struct net_bridge_port_group *p, **pp; | ||
1179 | unsigned long max_delay; | ||
1180 | unsigned long now = jiffies; | ||
1181 | struct in6_addr *group = NULL; | ||
1182 | int err = 0; | ||
1183 | |||
1184 | spin_lock(&br->multicast_lock); | ||
1185 | if (!netif_running(br->dev) || | ||
1186 | (port && port->state == BR_STATE_DISABLED)) | ||
1187 | goto out; | ||
1188 | |||
1189 | br_multicast_query_received(br, port, !ipv6_addr_any(&ip6h->saddr)); | ||
1190 | |||
1191 | if (skb->len == sizeof(*mld)) { | ||
1192 | if (!pskb_may_pull(skb, sizeof(*mld))) { | ||
1193 | err = -EINVAL; | ||
1194 | goto out; | ||
1195 | } | ||
1196 | mld = (struct mld_msg *) icmp6_hdr(skb); | ||
1197 | max_delay = msecs_to_jiffies(htons(mld->mld_maxdelay)); | ||
1198 | if (max_delay) | ||
1199 | group = &mld->mld_mca; | ||
1200 | } else if (skb->len >= sizeof(*mld2q)) { | ||
1201 | if (!pskb_may_pull(skb, sizeof(*mld2q))) { | ||
1202 | err = -EINVAL; | ||
1203 | goto out; | ||
1204 | } | ||
1205 | mld2q = (struct mld2_query *)icmp6_hdr(skb); | ||
1206 | if (!mld2q->mld2q_nsrcs) | ||
1207 | group = &mld2q->mld2q_mca; | ||
1208 | max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(mld2q->mld2q_mrc) : 1; | ||
1209 | } | ||
1210 | |||
1211 | if (!group) | ||
1212 | goto out; | ||
1213 | |||
1214 | mp = br_mdb_ip6_get(br->mdb, group); | ||
1215 | if (!mp) | ||
1216 | goto out; | ||
1217 | |||
1218 | max_delay *= br->multicast_last_member_count; | ||
1219 | if (!hlist_unhashed(&mp->mglist) && | ||
1220 | (timer_pending(&mp->timer) ? | ||
1221 | time_after(mp->timer.expires, now + max_delay) : | ||
1222 | try_to_del_timer_sync(&mp->timer) >= 0)) | ||
1223 | mod_timer(&mp->timer, now + max_delay); | ||
1224 | |||
1225 | for (pp = &mp->ports; (p = *pp); pp = &p->next) { | ||
1226 | if (timer_pending(&p->timer) ? | ||
1227 | time_after(p->timer.expires, now + max_delay) : | ||
1228 | try_to_del_timer_sync(&p->timer) >= 0) | ||
1229 | mod_timer(&mp->timer, now + max_delay); | ||
1230 | } | ||
1231 | |||
1232 | out: | ||
1233 | spin_unlock(&br->multicast_lock); | ||
1234 | return err; | ||
1235 | } | ||
1236 | #endif | ||
1237 | |||
886 | static void br_multicast_leave_group(struct net_bridge *br, | 1238 | static void br_multicast_leave_group(struct net_bridge *br, |
887 | struct net_bridge_port *port, | 1239 | struct net_bridge_port *port, |
888 | __be32 group) | 1240 | struct br_ip *group) |
889 | { | 1241 | { |
890 | struct net_bridge_mdb_htable *mdb; | 1242 | struct net_bridge_mdb_htable *mdb; |
891 | struct net_bridge_mdb_entry *mp; | 1243 | struct net_bridge_mdb_entry *mp; |
@@ -893,9 +1245,6 @@ static void br_multicast_leave_group(struct net_bridge *br, | |||
893 | unsigned long now; | 1245 | unsigned long now; |
894 | unsigned long time; | 1246 | unsigned long time; |
895 | 1247 | ||
896 | if (ipv4_is_local_multicast(group)) | ||
897 | return; | ||
898 | |||
899 | spin_lock(&br->multicast_lock); | 1248 | spin_lock(&br->multicast_lock); |
900 | if (!netif_running(br->dev) || | 1249 | if (!netif_running(br->dev) || |
901 | (port && port->state == BR_STATE_DISABLED) || | 1250 | (port && port->state == BR_STATE_DISABLED) || |
@@ -946,6 +1295,38 @@ out: | |||
946 | spin_unlock(&br->multicast_lock); | 1295 | spin_unlock(&br->multicast_lock); |
947 | } | 1296 | } |
948 | 1297 | ||
1298 | static void br_ip4_multicast_leave_group(struct net_bridge *br, | ||
1299 | struct net_bridge_port *port, | ||
1300 | __be32 group) | ||
1301 | { | ||
1302 | struct br_ip br_group; | ||
1303 | |||
1304 | if (ipv4_is_local_multicast(group)) | ||
1305 | return; | ||
1306 | |||
1307 | br_group.u.ip4 = group; | ||
1308 | br_group.proto = htons(ETH_P_IP); | ||
1309 | |||
1310 | br_multicast_leave_group(br, port, &br_group); | ||
1311 | } | ||
1312 | |||
1313 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
1314 | static void br_ip6_multicast_leave_group(struct net_bridge *br, | ||
1315 | struct net_bridge_port *port, | ||
1316 | const struct in6_addr *group) | ||
1317 | { | ||
1318 | struct br_ip br_group; | ||
1319 | |||
1320 | if (ipv6_is_local_multicast(group)) | ||
1321 | return; | ||
1322 | |||
1323 | ipv6_addr_copy(&br_group.u.ip6, group); | ||
1324 | br_group.proto = htons(ETH_P_IPV6); | ||
1325 | |||
1326 | br_multicast_leave_group(br, port, &br_group); | ||
1327 | } | ||
1328 | #endif | ||
1329 | |||
949 | static int br_multicast_ipv4_rcv(struct net_bridge *br, | 1330 | static int br_multicast_ipv4_rcv(struct net_bridge *br, |
950 | struct net_bridge_port *port, | 1331 | struct net_bridge_port *port, |
951 | struct sk_buff *skb) | 1332 | struct sk_buff *skb) |
@@ -1000,8 +1381,6 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br, | |||
1000 | if (!pskb_may_pull(skb2, sizeof(*ih))) | 1381 | if (!pskb_may_pull(skb2, sizeof(*ih))) |
1001 | goto out; | 1382 | goto out; |
1002 | 1383 | ||
1003 | iph = ip_hdr(skb2); | ||
1004 | |||
1005 | switch (skb2->ip_summed) { | 1384 | switch (skb2->ip_summed) { |
1006 | case CHECKSUM_COMPLETE: | 1385 | case CHECKSUM_COMPLETE: |
1007 | if (!csum_fold(skb2->csum)) | 1386 | if (!csum_fold(skb2->csum)) |
@@ -1022,16 +1401,16 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br, | |||
1022 | case IGMP_HOST_MEMBERSHIP_REPORT: | 1401 | case IGMP_HOST_MEMBERSHIP_REPORT: |
1023 | case IGMPV2_HOST_MEMBERSHIP_REPORT: | 1402 | case IGMPV2_HOST_MEMBERSHIP_REPORT: |
1024 | BR_INPUT_SKB_CB(skb2)->mrouters_only = 1; | 1403 | BR_INPUT_SKB_CB(skb2)->mrouters_only = 1; |
1025 | err = br_multicast_add_group(br, port, ih->group); | 1404 | err = br_ip4_multicast_add_group(br, port, ih->group); |
1026 | break; | 1405 | break; |
1027 | case IGMPV3_HOST_MEMBERSHIP_REPORT: | 1406 | case IGMPV3_HOST_MEMBERSHIP_REPORT: |
1028 | err = br_multicast_igmp3_report(br, port, skb2); | 1407 | err = br_ip4_multicast_igmp3_report(br, port, skb2); |
1029 | break; | 1408 | break; |
1030 | case IGMP_HOST_MEMBERSHIP_QUERY: | 1409 | case IGMP_HOST_MEMBERSHIP_QUERY: |
1031 | err = br_multicast_query(br, port, skb2); | 1410 | err = br_ip4_multicast_query(br, port, skb2); |
1032 | break; | 1411 | break; |
1033 | case IGMP_HOST_LEAVE_MESSAGE: | 1412 | case IGMP_HOST_LEAVE_MESSAGE: |
1034 | br_multicast_leave_group(br, port, ih->group); | 1413 | br_ip4_multicast_leave_group(br, port, ih->group); |
1035 | break; | 1414 | break; |
1036 | } | 1415 | } |
1037 | 1416 | ||
@@ -1043,6 +1422,123 @@ err_out: | |||
1043 | return err; | 1422 | return err; |
1044 | } | 1423 | } |
1045 | 1424 | ||
1425 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
1426 | static int br_multicast_ipv6_rcv(struct net_bridge *br, | ||
1427 | struct net_bridge_port *port, | ||
1428 | struct sk_buff *skb) | ||
1429 | { | ||
1430 | struct sk_buff *skb2 = skb; | ||
1431 | struct ipv6hdr *ip6h; | ||
1432 | struct icmp6hdr *icmp6h; | ||
1433 | u8 nexthdr; | ||
1434 | unsigned len; | ||
1435 | unsigned offset; | ||
1436 | int err; | ||
1437 | |||
1438 | if (!pskb_may_pull(skb, sizeof(*ip6h))) | ||
1439 | return -EINVAL; | ||
1440 | |||
1441 | ip6h = ipv6_hdr(skb); | ||
1442 | |||
1443 | /* | ||
1444 | * We're interested in MLD messages only. | ||
1445 | * - Version is 6 | ||
1446 | * - MLD has always Router Alert hop-by-hop option | ||
1447 | * - But we do not support jumbrograms. | ||
1448 | */ | ||
1449 | if (ip6h->version != 6 || | ||
1450 | ip6h->nexthdr != IPPROTO_HOPOPTS || | ||
1451 | ip6h->payload_len == 0) | ||
1452 | return 0; | ||
1453 | |||
1454 | len = ntohs(ip6h->payload_len); | ||
1455 | if (skb->len < len) | ||
1456 | return -EINVAL; | ||
1457 | |||
1458 | nexthdr = ip6h->nexthdr; | ||
1459 | offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr); | ||
1460 | |||
1461 | if (offset < 0 || nexthdr != IPPROTO_ICMPV6) | ||
1462 | return 0; | ||
1463 | |||
1464 | /* Okay, we found ICMPv6 header */ | ||
1465 | skb2 = skb_clone(skb, GFP_ATOMIC); | ||
1466 | if (!skb2) | ||
1467 | return -ENOMEM; | ||
1468 | |||
1469 | len -= offset - skb_network_offset(skb2); | ||
1470 | |||
1471 | __skb_pull(skb2, offset); | ||
1472 | skb_reset_transport_header(skb2); | ||
1473 | |||
1474 | err = -EINVAL; | ||
1475 | if (!pskb_may_pull(skb2, sizeof(*icmp6h))) | ||
1476 | goto out; | ||
1477 | |||
1478 | icmp6h = icmp6_hdr(skb2); | ||
1479 | |||
1480 | switch (icmp6h->icmp6_type) { | ||
1481 | case ICMPV6_MGM_QUERY: | ||
1482 | case ICMPV6_MGM_REPORT: | ||
1483 | case ICMPV6_MGM_REDUCTION: | ||
1484 | case ICMPV6_MLD2_REPORT: | ||
1485 | break; | ||
1486 | default: | ||
1487 | err = 0; | ||
1488 | goto out; | ||
1489 | } | ||
1490 | |||
1491 | /* Okay, we found MLD message. Check further. */ | ||
1492 | if (skb2->len > len) { | ||
1493 | err = pskb_trim_rcsum(skb2, len); | ||
1494 | if (err) | ||
1495 | goto out; | ||
1496 | } | ||
1497 | |||
1498 | switch (skb2->ip_summed) { | ||
1499 | case CHECKSUM_COMPLETE: | ||
1500 | if (!csum_fold(skb2->csum)) | ||
1501 | break; | ||
1502 | /*FALLTHROUGH*/ | ||
1503 | case CHECKSUM_NONE: | ||
1504 | skb2->csum = 0; | ||
1505 | if (skb_checksum_complete(skb2)) | ||
1506 | goto out; | ||
1507 | } | ||
1508 | |||
1509 | err = 0; | ||
1510 | |||
1511 | BR_INPUT_SKB_CB(skb)->igmp = 1; | ||
1512 | |||
1513 | switch (icmp6h->icmp6_type) { | ||
1514 | case ICMPV6_MGM_REPORT: | ||
1515 | { | ||
1516 | struct mld_msg *mld = (struct mld_msg *)icmp6h; | ||
1517 | BR_INPUT_SKB_CB(skb2)->mrouters_only = 1; | ||
1518 | err = br_ip6_multicast_add_group(br, port, &mld->mld_mca); | ||
1519 | break; | ||
1520 | } | ||
1521 | case ICMPV6_MLD2_REPORT: | ||
1522 | err = br_ip6_multicast_mld2_report(br, port, skb2); | ||
1523 | break; | ||
1524 | case ICMPV6_MGM_QUERY: | ||
1525 | err = br_ip6_multicast_query(br, port, skb2); | ||
1526 | break; | ||
1527 | case ICMPV6_MGM_REDUCTION: | ||
1528 | { | ||
1529 | struct mld_msg *mld = (struct mld_msg *)icmp6h; | ||
1530 | br_ip6_multicast_leave_group(br, port, &mld->mld_mca); | ||
1531 | } | ||
1532 | } | ||
1533 | |||
1534 | out: | ||
1535 | __skb_push(skb2, offset); | ||
1536 | if (skb2 != skb) | ||
1537 | kfree_skb(skb2); | ||
1538 | return err; | ||
1539 | } | ||
1540 | #endif | ||
1541 | |||
1046 | int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port, | 1542 | int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port, |
1047 | struct sk_buff *skb) | 1543 | struct sk_buff *skb) |
1048 | { | 1544 | { |
@@ -1055,6 +1551,10 @@ int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port, | |||
1055 | switch (skb->protocol) { | 1551 | switch (skb->protocol) { |
1056 | case htons(ETH_P_IP): | 1552 | case htons(ETH_P_IP): |
1057 | return br_multicast_ipv4_rcv(br, port, skb); | 1553 | return br_multicast_ipv4_rcv(br, port, skb); |
1554 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
1555 | case htons(ETH_P_IPV6): | ||
1556 | return br_multicast_ipv6_rcv(br, port, skb); | ||
1557 | #endif | ||
1058 | } | 1558 | } |
1059 | 1559 | ||
1060 | return 0; | 1560 | return 0; |
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 4c4977d12fd..44420992f72 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -3,15 +3,8 @@ | |||
3 | * Linux ethernet bridge | 3 | * Linux ethernet bridge |
4 | * | 4 | * |
5 | * Authors: | 5 | * Authors: |
6 | * Lennert Buytenhek <buytenh@gnu.org> | 6 | * Lennert Buytenhek <buytenh@gnu.org> |
7 | * Bart De Schuymer (maintainer) <bdschuym@pandora.be> | 7 | * Bart De Schuymer <bdschuym@pandora.be> |
8 | * | ||
9 | * Changes: | ||
10 | * Apr 29 2003: physdev module support (bdschuym) | ||
11 | * Jun 19 2003: let arptables see bridged ARP traffic (bdschuym) | ||
12 | * Oct 06 2003: filter encapsulated IP/ARP VLAN traffic on untagged bridge | ||
13 | * (bdschuym) | ||
14 | * Sep 01 2004: add IPv6 filtering (bdschuym) | ||
15 | * | 8 | * |
16 | * This program is free software; you can redistribute it and/or | 9 | * This program is free software; you can redistribute it and/or |
17 | * modify it under the terms of the GNU General Public License | 10 | * modify it under the terms of the GNU General Public License |
@@ -204,15 +197,24 @@ static inline void nf_bridge_save_header(struct sk_buff *skb) | |||
204 | skb->nf_bridge->data, header_size); | 197 | skb->nf_bridge->data, header_size); |
205 | } | 198 | } |
206 | 199 | ||
207 | /* | 200 | static inline void nf_bridge_update_protocol(struct sk_buff *skb) |
208 | * When forwarding bridge frames, we save a copy of the original | 201 | { |
209 | * header before processing. | 202 | if (skb->nf_bridge->mask & BRNF_8021Q) |
203 | skb->protocol = htons(ETH_P_8021Q); | ||
204 | else if (skb->nf_bridge->mask & BRNF_PPPoE) | ||
205 | skb->protocol = htons(ETH_P_PPP_SES); | ||
206 | } | ||
207 | |||
208 | /* Fill in the header for fragmented IP packets handled by | ||
209 | * the IPv4 connection tracking code. | ||
210 | */ | 210 | */ |
211 | int nf_bridge_copy_header(struct sk_buff *skb) | 211 | int nf_bridge_copy_header(struct sk_buff *skb) |
212 | { | 212 | { |
213 | int err; | 213 | int err; |
214 | int header_size = ETH_HLEN + nf_bridge_encap_header_len(skb); | 214 | unsigned int header_size; |
215 | 215 | ||
216 | nf_bridge_update_protocol(skb); | ||
217 | header_size = ETH_HLEN + nf_bridge_encap_header_len(skb); | ||
216 | err = skb_cow_head(skb, header_size); | 218 | err = skb_cow_head(skb, header_size); |
217 | if (err) | 219 | if (err) |
218 | return err; | 220 | return err; |
@@ -246,27 +248,48 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) | |||
246 | skb_dst_set(skb, &rt->u.dst); | 248 | skb_dst_set(skb, &rt->u.dst); |
247 | 249 | ||
248 | skb->dev = nf_bridge->physindev; | 250 | skb->dev = nf_bridge->physindev; |
251 | nf_bridge_update_protocol(skb); | ||
249 | nf_bridge_push_encap_header(skb); | 252 | nf_bridge_push_encap_header(skb); |
250 | NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, | 253 | NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, |
251 | br_handle_frame_finish, 1); | 254 | br_handle_frame_finish, 1); |
252 | 255 | ||
253 | return 0; | 256 | return 0; |
254 | } | 257 | } |
255 | 258 | ||
256 | static void __br_dnat_complain(void) | 259 | /* Obtain the correct destination MAC address, while preserving the original |
260 | * source MAC address. If we already know this address, we just copy it. If we | ||
261 | * don't, we use the neighbour framework to find out. In both cases, we make | ||
262 | * sure that br_handle_frame_finish() is called afterwards. | ||
263 | */ | ||
264 | static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) | ||
257 | { | 265 | { |
258 | static unsigned long last_complaint; | 266 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
267 | struct dst_entry *dst; | ||
259 | 268 | ||
260 | if (jiffies - last_complaint >= 5 * HZ) { | 269 | skb->dev = bridge_parent(skb->dev); |
261 | printk(KERN_WARNING "Performing cross-bridge DNAT requires IP " | 270 | if (!skb->dev) |
262 | "forwarding to be enabled\n"); | 271 | goto free_skb; |
263 | last_complaint = jiffies; | 272 | dst = skb_dst(skb); |
273 | if (dst->hh) { | ||
274 | neigh_hh_bridge(dst->hh, skb); | ||
275 | skb->dev = nf_bridge->physindev; | ||
276 | return br_handle_frame_finish(skb); | ||
277 | } else if (dst->neighbour) { | ||
278 | /* the neighbour function below overwrites the complete | ||
279 | * MAC header, so we save the Ethernet source address and | ||
280 | * protocol number. */ | ||
281 | skb_copy_from_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), skb->nf_bridge->data, ETH_HLEN-ETH_ALEN); | ||
282 | /* tell br_dev_xmit to continue with forwarding */ | ||
283 | nf_bridge->mask |= BRNF_BRIDGED_DNAT; | ||
284 | return dst->neighbour->output(skb); | ||
264 | } | 285 | } |
286 | free_skb: | ||
287 | kfree_skb(skb); | ||
288 | return 0; | ||
265 | } | 289 | } |
266 | 290 | ||
267 | /* This requires some explaining. If DNAT has taken place, | 291 | /* This requires some explaining. If DNAT has taken place, |
268 | * we will need to fix up the destination Ethernet address, | 292 | * we will need to fix up the destination Ethernet address. |
269 | * and this is a tricky process. | ||
270 | * | 293 | * |
271 | * There are two cases to consider: | 294 | * There are two cases to consider: |
272 | * 1. The packet was DNAT'ed to a device in the same bridge | 295 | * 1. The packet was DNAT'ed to a device in the same bridge |
@@ -280,62 +303,29 @@ static void __br_dnat_complain(void) | |||
280 | * call ip_route_input() and to look at skb->dst->dev, which is | 303 | * call ip_route_input() and to look at skb->dst->dev, which is |
281 | * changed to the destination device if ip_route_input() succeeds. | 304 | * changed to the destination device if ip_route_input() succeeds. |
282 | * | 305 | * |
283 | * Let us first consider the case that ip_route_input() succeeds: | 306 | * Let's first consider the case that ip_route_input() succeeds: |
284 | * | ||
285 | * If skb->dst->dev equals the logical bridge device the packet | ||
286 | * came in on, we can consider this bridging. The packet is passed | ||
287 | * through the neighbour output function to build a new destination | ||
288 | * MAC address, which will make the packet enter br_nf_local_out() | ||
289 | * not much later. In that function it is assured that the iptables | ||
290 | * FORWARD chain is traversed for the packet. | ||
291 | * | 307 | * |
308 | * If the output device equals the logical bridge device the packet | ||
309 | * came in on, we can consider this bridging. The corresponding MAC | ||
310 | * address will be obtained in br_nf_pre_routing_finish_bridge. | ||
292 | * Otherwise, the packet is considered to be routed and we just | 311 | * Otherwise, the packet is considered to be routed and we just |
293 | * change the destination MAC address so that the packet will | 312 | * change the destination MAC address so that the packet will |
294 | * later be passed up to the IP stack to be routed. For a redirected | 313 | * later be passed up to the IP stack to be routed. For a redirected |
295 | * packet, ip_route_input() will give back the localhost as output device, | 314 | * packet, ip_route_input() will give back the localhost as output device, |
296 | * which differs from the bridge device. | 315 | * which differs from the bridge device. |
297 | * | 316 | * |
298 | * Let us now consider the case that ip_route_input() fails: | 317 | * Let's now consider the case that ip_route_input() fails: |
299 | * | 318 | * |
300 | * This can be because the destination address is martian, in which case | 319 | * This can be because the destination address is martian, in which case |
301 | * the packet will be dropped. | 320 | * the packet will be dropped. |
302 | * After a "echo '0' > /proc/sys/net/ipv4/ip_forward" ip_route_input() | 321 | * If IP forwarding is disabled, ip_route_input() will fail, while |
303 | * will fail, while __ip_route_output_key() will return success. The source | 322 | * ip_route_output_key() can return success. The source |
304 | * address for __ip_route_output_key() is set to zero, so __ip_route_output_key | 323 | * address for ip_route_output_key() is set to zero, so ip_route_output_key() |
305 | * thinks we're handling a locally generated packet and won't care | 324 | * thinks we're handling a locally generated packet and won't care |
306 | * if IP forwarding is allowed. We send a warning message to the users's | 325 | * if IP forwarding is enabled. If the output device equals the logical bridge |
307 | * log telling her to put IP forwarding on. | 326 | * device, we proceed as if ip_route_input() succeeded. If it differs from the |
308 | * | 327 | * logical bridge port or if ip_route_output_key() fails we drop the packet. |
309 | * ip_route_input() will also fail if there is no route available. | 328 | */ |
310 | * In that case we just drop the packet. | ||
311 | * | ||
312 | * --Lennert, 20020411 | ||
313 | * --Bart, 20020416 (updated) | ||
314 | * --Bart, 20021007 (updated) | ||
315 | * --Bart, 20062711 (updated) */ | ||
316 | static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) | ||
317 | { | ||
318 | if (skb->pkt_type == PACKET_OTHERHOST) { | ||
319 | skb->pkt_type = PACKET_HOST; | ||
320 | skb->nf_bridge->mask |= BRNF_PKT_TYPE; | ||
321 | } | ||
322 | skb->nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; | ||
323 | |||
324 | skb->dev = bridge_parent(skb->dev); | ||
325 | if (skb->dev) { | ||
326 | struct dst_entry *dst = skb_dst(skb); | ||
327 | |||
328 | nf_bridge_pull_encap_header(skb); | ||
329 | |||
330 | if (dst->hh) | ||
331 | return neigh_hh_output(dst->hh, skb); | ||
332 | else if (dst->neighbour) | ||
333 | return dst->neighbour->output(skb); | ||
334 | } | ||
335 | kfree_skb(skb); | ||
336 | return 0; | ||
337 | } | ||
338 | |||
339 | static int br_nf_pre_routing_finish(struct sk_buff *skb) | 329 | static int br_nf_pre_routing_finish(struct sk_buff *skb) |
340 | { | 330 | { |
341 | struct net_device *dev = skb->dev; | 331 | struct net_device *dev = skb->dev; |
@@ -379,11 +369,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) | |||
379 | skb_dst_set(skb, (struct dst_entry *)rt); | 369 | skb_dst_set(skb, (struct dst_entry *)rt); |
380 | goto bridged_dnat; | 370 | goto bridged_dnat; |
381 | } | 371 | } |
382 | /* we are sure that forwarding is disabled, so printing | ||
383 | * this message is no problem. Note that the packet could | ||
384 | * still have a martian destination address, in which case | ||
385 | * the packet could be dropped even if forwarding were enabled */ | ||
386 | __br_dnat_complain(); | ||
387 | dst_release((struct dst_entry *)rt); | 372 | dst_release((struct dst_entry *)rt); |
388 | } | 373 | } |
389 | free_skb: | 374 | free_skb: |
@@ -392,12 +377,11 @@ free_skb: | |||
392 | } else { | 377 | } else { |
393 | if (skb_dst(skb)->dev == dev) { | 378 | if (skb_dst(skb)->dev == dev) { |
394 | bridged_dnat: | 379 | bridged_dnat: |
395 | /* Tell br_nf_local_out this is a | ||
396 | * bridged frame */ | ||
397 | nf_bridge->mask |= BRNF_BRIDGED_DNAT; | ||
398 | skb->dev = nf_bridge->physindev; | 380 | skb->dev = nf_bridge->physindev; |
381 | nf_bridge_update_protocol(skb); | ||
399 | nf_bridge_push_encap_header(skb); | 382 | nf_bridge_push_encap_header(skb); |
400 | NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, | 383 | NF_HOOK_THRESH(NFPROTO_BRIDGE, |
384 | NF_BR_PRE_ROUTING, | ||
401 | skb, skb->dev, NULL, | 385 | skb, skb->dev, NULL, |
402 | br_nf_pre_routing_finish_bridge, | 386 | br_nf_pre_routing_finish_bridge, |
403 | 1); | 387 | 1); |
@@ -417,8 +401,9 @@ bridged_dnat: | |||
417 | } | 401 | } |
418 | 402 | ||
419 | skb->dev = nf_bridge->physindev; | 403 | skb->dev = nf_bridge->physindev; |
404 | nf_bridge_update_protocol(skb); | ||
420 | nf_bridge_push_encap_header(skb); | 405 | nf_bridge_push_encap_header(skb); |
421 | NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, | 406 | NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, |
422 | br_handle_frame_finish, 1); | 407 | br_handle_frame_finish, 1); |
423 | 408 | ||
424 | return 0; | 409 | return 0; |
@@ -437,6 +422,10 @@ static struct net_device *setup_pre_routing(struct sk_buff *skb) | |||
437 | nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING; | 422 | nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING; |
438 | nf_bridge->physindev = skb->dev; | 423 | nf_bridge->physindev = skb->dev; |
439 | skb->dev = bridge_parent(skb->dev); | 424 | skb->dev = bridge_parent(skb->dev); |
425 | if (skb->protocol == htons(ETH_P_8021Q)) | ||
426 | nf_bridge->mask |= BRNF_8021Q; | ||
427 | else if (skb->protocol == htons(ETH_P_PPP_SES)) | ||
428 | nf_bridge->mask |= BRNF_PPPoE; | ||
440 | 429 | ||
441 | return skb->dev; | 430 | return skb->dev; |
442 | } | 431 | } |
@@ -535,7 +524,8 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
535 | if (!setup_pre_routing(skb)) | 524 | if (!setup_pre_routing(skb)) |
536 | return NF_DROP; | 525 | return NF_DROP; |
537 | 526 | ||
538 | NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, | 527 | skb->protocol = htons(ETH_P_IPV6); |
528 | NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, | ||
539 | br_nf_pre_routing_finish_ipv6); | 529 | br_nf_pre_routing_finish_ipv6); |
540 | 530 | ||
541 | return NF_STOLEN; | 531 | return NF_STOLEN; |
@@ -607,8 +597,9 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
607 | if (!setup_pre_routing(skb)) | 597 | if (!setup_pre_routing(skb)) |
608 | return NF_DROP; | 598 | return NF_DROP; |
609 | store_orig_dstaddr(skb); | 599 | store_orig_dstaddr(skb); |
600 | skb->protocol = htons(ETH_P_IP); | ||
610 | 601 | ||
611 | NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, | 602 | NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, |
612 | br_nf_pre_routing_finish); | 603 | br_nf_pre_routing_finish); |
613 | 604 | ||
614 | return NF_STOLEN; | 605 | return NF_STOLEN; |
@@ -652,11 +643,13 @@ static int br_nf_forward_finish(struct sk_buff *skb) | |||
652 | skb->pkt_type = PACKET_OTHERHOST; | 643 | skb->pkt_type = PACKET_OTHERHOST; |
653 | nf_bridge->mask ^= BRNF_PKT_TYPE; | 644 | nf_bridge->mask ^= BRNF_PKT_TYPE; |
654 | } | 645 | } |
646 | nf_bridge_update_protocol(skb); | ||
655 | } else { | 647 | } else { |
656 | in = *((struct net_device **)(skb->cb)); | 648 | in = *((struct net_device **)(skb->cb)); |
657 | } | 649 | } |
658 | nf_bridge_push_encap_header(skb); | 650 | nf_bridge_push_encap_header(skb); |
659 | NF_HOOK_THRESH(PF_BRIDGE, NF_BR_FORWARD, skb, in, | 651 | |
652 | NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, in, | ||
660 | skb->dev, br_forward_finish, 1); | 653 | skb->dev, br_forward_finish, 1); |
661 | return 0; | 654 | return 0; |
662 | } | 655 | } |
@@ -707,6 +700,10 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb, | |||
707 | /* The physdev module checks on this */ | 700 | /* The physdev module checks on this */ |
708 | nf_bridge->mask |= BRNF_BRIDGED; | 701 | nf_bridge->mask |= BRNF_BRIDGED; |
709 | nf_bridge->physoutdev = skb->dev; | 702 | nf_bridge->physoutdev = skb->dev; |
703 | if (pf == PF_INET) | ||
704 | skb->protocol = htons(ETH_P_IP); | ||
705 | else | ||
706 | skb->protocol = htons(ETH_P_IPV6); | ||
710 | 707 | ||
711 | NF_HOOK(pf, NF_INET_FORWARD, skb, bridge_parent(in), parent, | 708 | NF_HOOK(pf, NF_INET_FORWARD, skb, bridge_parent(in), parent, |
712 | br_nf_forward_finish); | 709 | br_nf_forward_finish); |
@@ -744,60 +741,11 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb, | |||
744 | return NF_STOLEN; | 741 | return NF_STOLEN; |
745 | } | 742 | } |
746 | 743 | ||
747 | /* PF_BRIDGE/LOCAL_OUT *********************************************** | ||
748 | * | ||
749 | * This function sees both locally originated IP packets and forwarded | ||
750 | * IP packets (in both cases the destination device is a bridge | ||
751 | * device). It also sees bridged-and-DNAT'ed packets. | ||
752 | * | ||
753 | * If (nf_bridge->mask & BRNF_BRIDGED_DNAT) then the packet is bridged | ||
754 | * and we fake the PF_BRIDGE/FORWARD hook. The function br_nf_forward() | ||
755 | * will then fake the PF_INET/FORWARD hook. br_nf_local_out() has priority | ||
756 | * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor | ||
757 | * will be executed. | ||
758 | */ | ||
759 | static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb, | ||
760 | const struct net_device *in, | ||
761 | const struct net_device *out, | ||
762 | int (*okfn)(struct sk_buff *)) | ||
763 | { | ||
764 | struct net_device *realindev; | ||
765 | struct nf_bridge_info *nf_bridge; | ||
766 | |||
767 | if (!skb->nf_bridge) | ||
768 | return NF_ACCEPT; | ||
769 | |||
770 | /* Need exclusive nf_bridge_info since we might have multiple | ||
771 | * different physoutdevs. */ | ||
772 | if (!nf_bridge_unshare(skb)) | ||
773 | return NF_DROP; | ||
774 | |||
775 | nf_bridge = skb->nf_bridge; | ||
776 | if (!(nf_bridge->mask & BRNF_BRIDGED_DNAT)) | ||
777 | return NF_ACCEPT; | ||
778 | |||
779 | /* Bridged, take PF_BRIDGE/FORWARD. | ||
780 | * (see big note in front of br_nf_pre_routing_finish) */ | ||
781 | nf_bridge->physoutdev = skb->dev; | ||
782 | realindev = nf_bridge->physindev; | ||
783 | |||
784 | if (nf_bridge->mask & BRNF_PKT_TYPE) { | ||
785 | skb->pkt_type = PACKET_OTHERHOST; | ||
786 | nf_bridge->mask ^= BRNF_PKT_TYPE; | ||
787 | } | ||
788 | nf_bridge_push_encap_header(skb); | ||
789 | |||
790 | NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, realindev, skb->dev, | ||
791 | br_forward_finish); | ||
792 | return NF_STOLEN; | ||
793 | } | ||
794 | |||
795 | #if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE) | 744 | #if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE) |
796 | static int br_nf_dev_queue_xmit(struct sk_buff *skb) | 745 | static int br_nf_dev_queue_xmit(struct sk_buff *skb) |
797 | { | 746 | { |
798 | if (skb->nfct != NULL && | 747 | if (skb->nfct != NULL && skb->protocol == htons(ETH_P_IP) && |
799 | (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) && | 748 | skb->len + nf_bridge_mtu_reduction(skb) > skb->dev->mtu && |
800 | skb->len > skb->dev->mtu && | ||
801 | !skb_is_gso(skb)) | 749 | !skb_is_gso(skb)) |
802 | return ip_fragment(skb, br_dev_queue_push_xmit); | 750 | return ip_fragment(skb, br_dev_queue_push_xmit); |
803 | else | 751 | else |
@@ -820,21 +768,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, | |||
820 | struct net_device *realoutdev = bridge_parent(skb->dev); | 768 | struct net_device *realoutdev = bridge_parent(skb->dev); |
821 | u_int8_t pf; | 769 | u_int8_t pf; |
822 | 770 | ||
823 | #ifdef CONFIG_NETFILTER_DEBUG | 771 | if (!nf_bridge || !(nf_bridge->mask & BRNF_BRIDGED)) |
824 | /* Be very paranoid. This probably won't happen anymore, but let's | ||
825 | * keep the check just to be sure... */ | ||
826 | if (skb_mac_header(skb) < skb->head || | ||
827 | skb_mac_header(skb) + ETH_HLEN > skb->data) { | ||
828 | printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: " | ||
829 | "bad mac.raw pointer.\n"); | ||
830 | goto print_error; | ||
831 | } | ||
832 | #endif | ||
833 | |||
834 | if (!nf_bridge) | ||
835 | return NF_ACCEPT; | ||
836 | |||
837 | if (!(nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT))) | ||
838 | return NF_ACCEPT; | 772 | return NF_ACCEPT; |
839 | 773 | ||
840 | if (!realoutdev) | 774 | if (!realoutdev) |
@@ -849,13 +783,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, | |||
849 | else | 783 | else |
850 | return NF_ACCEPT; | 784 | return NF_ACCEPT; |
851 | 785 | ||
852 | #ifdef CONFIG_NETFILTER_DEBUG | ||
853 | if (skb_dst(skb) == NULL) { | ||
854 | printk(KERN_INFO "br_netfilter post_routing: skb->dst == NULL\n"); | ||
855 | goto print_error; | ||
856 | } | ||
857 | #endif | ||
858 | |||
859 | /* We assume any code from br_dev_queue_push_xmit onwards doesn't care | 786 | /* We assume any code from br_dev_queue_push_xmit onwards doesn't care |
860 | * about the value of skb->pkt_type. */ | 787 | * about the value of skb->pkt_type. */ |
861 | if (skb->pkt_type == PACKET_OTHERHOST) { | 788 | if (skb->pkt_type == PACKET_OTHERHOST) { |
@@ -865,24 +792,15 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb, | |||
865 | 792 | ||
866 | nf_bridge_pull_encap_header(skb); | 793 | nf_bridge_pull_encap_header(skb); |
867 | nf_bridge_save_header(skb); | 794 | nf_bridge_save_header(skb); |
795 | if (pf == PF_INET) | ||
796 | skb->protocol = htons(ETH_P_IP); | ||
797 | else | ||
798 | skb->protocol = htons(ETH_P_IPV6); | ||
868 | 799 | ||
869 | NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev, | 800 | NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev, |
870 | br_nf_dev_queue_xmit); | 801 | br_nf_dev_queue_xmit); |
871 | 802 | ||
872 | return NF_STOLEN; | 803 | return NF_STOLEN; |
873 | |||
874 | #ifdef CONFIG_NETFILTER_DEBUG | ||
875 | print_error: | ||
876 | if (skb->dev != NULL) { | ||
877 | printk("[%s]", skb->dev->name); | ||
878 | if (realoutdev) | ||
879 | printk("[%s]", realoutdev->name); | ||
880 | } | ||
881 | printk(" head:%p, raw:%p, data:%p\n", skb->head, skb_mac_header(skb), | ||
882 | skb->data); | ||
883 | dump_stack(); | ||
884 | return NF_ACCEPT; | ||
885 | #endif | ||
886 | } | 804 | } |
887 | 805 | ||
888 | /* IP/SABOTAGE *****************************************************/ | 806 | /* IP/SABOTAGE *****************************************************/ |
@@ -901,10 +819,8 @@ static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb, | |||
901 | return NF_ACCEPT; | 819 | return NF_ACCEPT; |
902 | } | 820 | } |
903 | 821 | ||
904 | /* For br_nf_local_out we need (prio = NF_BR_PRI_FIRST), to insure that innocent | 822 | /* For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because |
905 | * PF_BRIDGE/NF_BR_LOCAL_OUT functions don't get bridged traffic as input. | 823 | * br_dev_queue_push_xmit is called afterwards */ |
906 | * For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because | ||
907 | * ip_refrag() can return NF_STOLEN. */ | ||
908 | static struct nf_hook_ops br_nf_ops[] __read_mostly = { | 824 | static struct nf_hook_ops br_nf_ops[] __read_mostly = { |
909 | { | 825 | { |
910 | .hook = br_nf_pre_routing, | 826 | .hook = br_nf_pre_routing, |
@@ -935,13 +851,6 @@ static struct nf_hook_ops br_nf_ops[] __read_mostly = { | |||
935 | .priority = NF_BR_PRI_BRNF, | 851 | .priority = NF_BR_PRI_BRNF, |
936 | }, | 852 | }, |
937 | { | 853 | { |
938 | .hook = br_nf_local_out, | ||
939 | .owner = THIS_MODULE, | ||
940 | .pf = PF_BRIDGE, | ||
941 | .hooknum = NF_BR_LOCAL_OUT, | ||
942 | .priority = NF_BR_PRI_FIRST, | ||
943 | }, | ||
944 | { | ||
945 | .hook = br_nf_post_routing, | 854 | .hook = br_nf_post_routing, |
946 | .owner = THIS_MODULE, | 855 | .owner = THIS_MODULE, |
947 | .pf = PF_BRIDGE, | 856 | .pf = PF_BRIDGE, |
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index aa56ac2c882..fe0a79018ab 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c | |||
@@ -42,8 +42,8 @@ static int br_fill_ifinfo(struct sk_buff *skb, const struct net_bridge_port *por | |||
42 | struct nlmsghdr *nlh; | 42 | struct nlmsghdr *nlh; |
43 | u8 operstate = netif_running(dev) ? dev->operstate : IF_OPER_DOWN; | 43 | u8 operstate = netif_running(dev) ? dev->operstate : IF_OPER_DOWN; |
44 | 44 | ||
45 | pr_debug("br_fill_info event %d port %s master %s\n", | 45 | br_debug(br, "br_fill_info event %d port %s master %s\n", |
46 | event, dev->name, br->dev->name); | 46 | event, dev->name, br->dev->name); |
47 | 47 | ||
48 | nlh = nlmsg_put(skb, pid, seq, event, sizeof(*hdr), flags); | 48 | nlh = nlmsg_put(skb, pid, seq, event, sizeof(*hdr), flags); |
49 | if (nlh == NULL) | 49 | if (nlh == NULL) |
@@ -87,7 +87,9 @@ void br_ifinfo_notify(int event, struct net_bridge_port *port) | |||
87 | struct sk_buff *skb; | 87 | struct sk_buff *skb; |
88 | int err = -ENOBUFS; | 88 | int err = -ENOBUFS; |
89 | 89 | ||
90 | pr_debug("bridge notify event=%d\n", event); | 90 | br_debug(port->br, "port %u(%s) event %d\n", |
91 | (unsigned)port->port_no, port->dev->name, event); | ||
92 | |||
91 | skb = nlmsg_new(br_nlmsg_size(), GFP_ATOMIC); | 93 | skb = nlmsg_new(br_nlmsg_size(), GFP_ATOMIC); |
92 | if (skb == NULL) | 94 | if (skb == NULL) |
93 | goto errout; | 95 | goto errout; |
diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c index 763a3ec292e..717e1fd6133 100644 --- a/net/bridge/br_notify.c +++ b/net/bridge/br_notify.c | |||
@@ -34,6 +34,7 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v | |||
34 | struct net_device *dev = ptr; | 34 | struct net_device *dev = ptr; |
35 | struct net_bridge_port *p = dev->br_port; | 35 | struct net_bridge_port *p = dev->br_port; |
36 | struct net_bridge *br; | 36 | struct net_bridge *br; |
37 | int err; | ||
37 | 38 | ||
38 | /* not a port of a bridge */ | 39 | /* not a port of a bridge */ |
39 | if (p == NULL) | 40 | if (p == NULL) |
@@ -82,6 +83,16 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v | |||
82 | case NETDEV_UNREGISTER: | 83 | case NETDEV_UNREGISTER: |
83 | br_del_if(br, dev); | 84 | br_del_if(br, dev); |
84 | break; | 85 | break; |
86 | |||
87 | case NETDEV_CHANGENAME: | ||
88 | err = br_sysfs_renameif(p); | ||
89 | if (err) | ||
90 | return notifier_from_errno(err); | ||
91 | break; | ||
92 | |||
93 | case NETDEV_PRE_TYPE_CHANGE: | ||
94 | /* Forbid underlaying device to change its type. */ | ||
95 | return NOTIFY_BAD; | ||
85 | } | 96 | } |
86 | 97 | ||
87 | /* Events that may cause spanning tree to refresh */ | 98 | /* Events that may cause spanning tree to refresh */ |
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 846d7d1e207..0f4a74bc6a9 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h | |||
@@ -45,6 +45,17 @@ struct mac_addr | |||
45 | unsigned char addr[6]; | 45 | unsigned char addr[6]; |
46 | }; | 46 | }; |
47 | 47 | ||
48 | struct br_ip | ||
49 | { | ||
50 | union { | ||
51 | __be32 ip4; | ||
52 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
53 | struct in6_addr ip6; | ||
54 | #endif | ||
55 | } u; | ||
56 | __be16 proto; | ||
57 | }; | ||
58 | |||
48 | struct net_bridge_fdb_entry | 59 | struct net_bridge_fdb_entry |
49 | { | 60 | { |
50 | struct hlist_node hlist; | 61 | struct hlist_node hlist; |
@@ -64,7 +75,7 @@ struct net_bridge_port_group { | |||
64 | struct rcu_head rcu; | 75 | struct rcu_head rcu; |
65 | struct timer_list timer; | 76 | struct timer_list timer; |
66 | struct timer_list query_timer; | 77 | struct timer_list query_timer; |
67 | __be32 addr; | 78 | struct br_ip addr; |
68 | u32 queries_sent; | 79 | u32 queries_sent; |
69 | }; | 80 | }; |
70 | 81 | ||
@@ -77,7 +88,7 @@ struct net_bridge_mdb_entry | |||
77 | struct rcu_head rcu; | 88 | struct rcu_head rcu; |
78 | struct timer_list timer; | 89 | struct timer_list timer; |
79 | struct timer_list query_timer; | 90 | struct timer_list query_timer; |
80 | __be32 addr; | 91 | struct br_ip addr; |
81 | u32 queries_sent; | 92 | u32 queries_sent; |
82 | }; | 93 | }; |
83 | 94 | ||
@@ -128,6 +139,17 @@ struct net_bridge_port | |||
128 | struct hlist_head mglist; | 139 | struct hlist_head mglist; |
129 | struct hlist_node rlist; | 140 | struct hlist_node rlist; |
130 | #endif | 141 | #endif |
142 | |||
143 | #ifdef CONFIG_SYSFS | ||
144 | char sysfs_name[IFNAMSIZ]; | ||
145 | #endif | ||
146 | }; | ||
147 | |||
148 | struct br_cpu_netstats { | ||
149 | unsigned long rx_packets; | ||
150 | unsigned long rx_bytes; | ||
151 | unsigned long tx_packets; | ||
152 | unsigned long tx_bytes; | ||
131 | }; | 153 | }; |
132 | 154 | ||
133 | struct net_bridge | 155 | struct net_bridge |
@@ -135,6 +157,8 @@ struct net_bridge | |||
135 | spinlock_t lock; | 157 | spinlock_t lock; |
136 | struct list_head port_list; | 158 | struct list_head port_list; |
137 | struct net_device *dev; | 159 | struct net_device *dev; |
160 | |||
161 | struct br_cpu_netstats __percpu *stats; | ||
138 | spinlock_t hash_lock; | 162 | spinlock_t hash_lock; |
139 | struct hlist_head hash[BR_HASH_SIZE]; | 163 | struct hlist_head hash[BR_HASH_SIZE]; |
140 | unsigned long feature_mask; | 164 | unsigned long feature_mask; |
@@ -220,6 +244,21 @@ struct br_input_skb_cb { | |||
220 | # define BR_INPUT_SKB_CB_MROUTERS_ONLY(__skb) (0) | 244 | # define BR_INPUT_SKB_CB_MROUTERS_ONLY(__skb) (0) |
221 | #endif | 245 | #endif |
222 | 246 | ||
247 | #define br_printk(level, br, format, args...) \ | ||
248 | printk(level "%s: " format, (br)->dev->name, ##args) | ||
249 | |||
250 | #define br_err(__br, format, args...) \ | ||
251 | br_printk(KERN_ERR, __br, format, ##args) | ||
252 | #define br_warn(__br, format, args...) \ | ||
253 | br_printk(KERN_WARNING, __br, format, ##args) | ||
254 | #define br_notice(__br, format, args...) \ | ||
255 | br_printk(KERN_NOTICE, __br, format, ##args) | ||
256 | #define br_info(__br, format, args...) \ | ||
257 | br_printk(KERN_INFO, __br, format, ##args) | ||
258 | |||
259 | #define br_debug(br, format, args...) \ | ||
260 | pr_debug("%s: " format, (br)->dev->name, ##args) | ||
261 | |||
223 | extern struct notifier_block br_device_notifier; | 262 | extern struct notifier_block br_device_notifier; |
224 | extern const u8 br_group_address[ETH_ALEN]; | 263 | extern const u8 br_group_address[ETH_ALEN]; |
225 | 264 | ||
@@ -233,6 +272,18 @@ static inline int br_is_root_bridge(const struct net_bridge *br) | |||
233 | extern void br_dev_setup(struct net_device *dev); | 272 | extern void br_dev_setup(struct net_device *dev); |
234 | extern netdev_tx_t br_dev_xmit(struct sk_buff *skb, | 273 | extern netdev_tx_t br_dev_xmit(struct sk_buff *skb, |
235 | struct net_device *dev); | 274 | struct net_device *dev); |
275 | #ifdef CONFIG_NET_POLL_CONTROLLER | ||
276 | extern void br_netpoll_cleanup(struct net_device *dev); | ||
277 | extern void br_netpoll_enable(struct net_bridge *br, | ||
278 | struct net_device *dev); | ||
279 | extern void br_netpoll_disable(struct net_bridge *br, | ||
280 | struct net_device *dev); | ||
281 | #else | ||
282 | #define br_netpoll_cleanup(br) | ||
283 | #define br_netpoll_enable(br, dev) | ||
284 | #define br_netpoll_disable(br, dev) | ||
285 | |||
286 | #endif | ||
236 | 287 | ||
237 | /* br_fdb.c */ | 288 | /* br_fdb.c */ |
238 | extern int br_fdb_init(void); | 289 | extern int br_fdb_init(void); |
@@ -433,6 +484,7 @@ extern void br_ifinfo_notify(int event, struct net_bridge_port *port); | |||
433 | /* br_sysfs_if.c */ | 484 | /* br_sysfs_if.c */ |
434 | extern const struct sysfs_ops brport_sysfs_ops; | 485 | extern const struct sysfs_ops brport_sysfs_ops; |
435 | extern int br_sysfs_addif(struct net_bridge_port *p); | 486 | extern int br_sysfs_addif(struct net_bridge_port *p); |
487 | extern int br_sysfs_renameif(struct net_bridge_port *p); | ||
436 | 488 | ||
437 | /* br_sysfs_br.c */ | 489 | /* br_sysfs_br.c */ |
438 | extern int br_sysfs_addbr(struct net_device *dev); | 490 | extern int br_sysfs_addbr(struct net_device *dev); |
@@ -441,6 +493,7 @@ extern void br_sysfs_delbr(struct net_device *dev); | |||
441 | #else | 493 | #else |
442 | 494 | ||
443 | #define br_sysfs_addif(p) (0) | 495 | #define br_sysfs_addif(p) (0) |
496 | #define br_sysfs_renameif(p) (0) | ||
444 | #define br_sysfs_addbr(dev) (0) | 497 | #define br_sysfs_addbr(dev) (0) |
445 | #define br_sysfs_delbr(dev) do { } while(0) | 498 | #define br_sysfs_delbr(dev) do { } while(0) |
446 | #endif /* CONFIG_SYSFS */ | 499 | #endif /* CONFIG_SYSFS */ |
diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c index edcf14b560f..57186d84d2b 100644 --- a/net/bridge/br_stp.c +++ b/net/bridge/br_stp.c | |||
@@ -31,10 +31,9 @@ static const char *const br_port_state_names[] = { | |||
31 | 31 | ||
32 | void br_log_state(const struct net_bridge_port *p) | 32 | void br_log_state(const struct net_bridge_port *p) |
33 | { | 33 | { |
34 | pr_info("%s: port %d(%s) entering %s state\n", | 34 | br_info(p->br, "port %u(%s) entering %s state\n", |
35 | p->br->dev->name, p->port_no, p->dev->name, | 35 | (unsigned) p->port_no, p->dev->name, |
36 | br_port_state_names[p->state]); | 36 | br_port_state_names[p->state]); |
37 | |||
38 | } | 37 | } |
39 | 38 | ||
40 | /* called under bridge lock */ | 39 | /* called under bridge lock */ |
@@ -300,7 +299,7 @@ void br_topology_change_detection(struct net_bridge *br) | |||
300 | if (br->stp_enabled != BR_KERNEL_STP) | 299 | if (br->stp_enabled != BR_KERNEL_STP) |
301 | return; | 300 | return; |
302 | 301 | ||
303 | pr_info("%s: topology change detected, %s\n", br->dev->name, | 302 | br_info(br, "topology change detected, %s\n", |
304 | isroot ? "propagating" : "sending tcn bpdu"); | 303 | isroot ? "propagating" : "sending tcn bpdu"); |
305 | 304 | ||
306 | if (isroot) { | 305 | if (isroot) { |
@@ -469,8 +468,8 @@ void br_received_config_bpdu(struct net_bridge_port *p, struct br_config_bpdu *b | |||
469 | void br_received_tcn_bpdu(struct net_bridge_port *p) | 468 | void br_received_tcn_bpdu(struct net_bridge_port *p) |
470 | { | 469 | { |
471 | if (br_is_designated_port(p)) { | 470 | if (br_is_designated_port(p)) { |
472 | pr_info("%s: received tcn bpdu on port %i(%s)\n", | 471 | br_info(p->br, "port %u(%s) received tcn bpdu\n", |
473 | p->br->dev->name, p->port_no, p->dev->name); | 472 | (unsigned) p->port_no, p->dev->name); |
474 | 473 | ||
475 | br_topology_change_detection(p->br); | 474 | br_topology_change_detection(p->br); |
476 | br_topology_change_acknowledge(p); | 475 | br_topology_change_acknowledge(p); |
diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c index d66cce11f3b..217bd225a42 100644 --- a/net/bridge/br_stp_bpdu.c +++ b/net/bridge/br_stp_bpdu.c | |||
@@ -50,7 +50,7 @@ static void br_send_bpdu(struct net_bridge_port *p, | |||
50 | 50 | ||
51 | llc_mac_hdr_init(skb, p->dev->dev_addr, p->br->group_addr); | 51 | llc_mac_hdr_init(skb, p->dev->dev_addr, p->br->group_addr); |
52 | 52 | ||
53 | NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, | 53 | NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, |
54 | dev_queue_xmit); | 54 | dev_queue_xmit); |
55 | } | 55 | } |
56 | 56 | ||
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c index d527119e9f5..1d8826914cb 100644 --- a/net/bridge/br_stp_if.c +++ b/net/bridge/br_stp_if.c | |||
@@ -85,17 +85,16 @@ void br_stp_enable_port(struct net_bridge_port *p) | |||
85 | { | 85 | { |
86 | br_init_port(p); | 86 | br_init_port(p); |
87 | br_port_state_selection(p->br); | 87 | br_port_state_selection(p->br); |
88 | br_log_state(p); | ||
88 | } | 89 | } |
89 | 90 | ||
90 | /* called under bridge lock */ | 91 | /* called under bridge lock */ |
91 | void br_stp_disable_port(struct net_bridge_port *p) | 92 | void br_stp_disable_port(struct net_bridge_port *p) |
92 | { | 93 | { |
93 | struct net_bridge *br; | 94 | struct net_bridge *br = p->br; |
94 | int wasroot; | 95 | int wasroot; |
95 | 96 | ||
96 | br = p->br; | 97 | br_log_state(p); |
97 | printk(KERN_INFO "%s: port %i(%s) entering %s state\n", | ||
98 | br->dev->name, p->port_no, p->dev->name, "disabled"); | ||
99 | 98 | ||
100 | wasroot = br_is_root_bridge(br); | 99 | wasroot = br_is_root_bridge(br); |
101 | br_become_designated_port(p); | 100 | br_become_designated_port(p); |
@@ -127,11 +126,10 @@ static void br_stp_start(struct net_bridge *br) | |||
127 | r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC); | 126 | r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC); |
128 | if (r == 0) { | 127 | if (r == 0) { |
129 | br->stp_enabled = BR_USER_STP; | 128 | br->stp_enabled = BR_USER_STP; |
130 | printk(KERN_INFO "%s: userspace STP started\n", br->dev->name); | 129 | br_debug(br, "userspace STP started\n"); |
131 | } else { | 130 | } else { |
132 | br->stp_enabled = BR_KERNEL_STP; | 131 | br->stp_enabled = BR_KERNEL_STP; |
133 | printk(KERN_INFO "%s: starting userspace STP failed, " | 132 | br_debug(br, "using kernel STP\n"); |
134 | "starting kernel STP\n", br->dev->name); | ||
135 | 133 | ||
136 | /* To start timers on any ports left in blocking */ | 134 | /* To start timers on any ports left in blocking */ |
137 | spin_lock_bh(&br->lock); | 135 | spin_lock_bh(&br->lock); |
@@ -148,9 +146,7 @@ static void br_stp_stop(struct net_bridge *br) | |||
148 | 146 | ||
149 | if (br->stp_enabled == BR_USER_STP) { | 147 | if (br->stp_enabled == BR_USER_STP) { |
150 | r = call_usermodehelper(BR_STP_PROG, argv, envp, 1); | 148 | r = call_usermodehelper(BR_STP_PROG, argv, envp, 1); |
151 | printk(KERN_INFO "%s: userspace STP stopped, return code %d\n", | 149 | br_info(br, "userspace STP stopped, return code %d\n", r); |
152 | br->dev->name, r); | ||
153 | |||
154 | 150 | ||
155 | /* To start timers on any ports left in blocking */ | 151 | /* To start timers on any ports left in blocking */ |
156 | spin_lock_bh(&br->lock); | 152 | spin_lock_bh(&br->lock); |
diff --git a/net/bridge/br_stp_timer.c b/net/bridge/br_stp_timer.c index 772a140bfdf..7b22456023c 100644 --- a/net/bridge/br_stp_timer.c +++ b/net/bridge/br_stp_timer.c | |||
@@ -35,7 +35,7 @@ static void br_hello_timer_expired(unsigned long arg) | |||
35 | { | 35 | { |
36 | struct net_bridge *br = (struct net_bridge *)arg; | 36 | struct net_bridge *br = (struct net_bridge *)arg; |
37 | 37 | ||
38 | pr_debug("%s: hello timer expired\n", br->dev->name); | 38 | br_debug(br, "hello timer expired\n"); |
39 | spin_lock(&br->lock); | 39 | spin_lock(&br->lock); |
40 | if (br->dev->flags & IFF_UP) { | 40 | if (br->dev->flags & IFF_UP) { |
41 | br_config_bpdu_generation(br); | 41 | br_config_bpdu_generation(br); |
@@ -55,13 +55,9 @@ static void br_message_age_timer_expired(unsigned long arg) | |||
55 | if (p->state == BR_STATE_DISABLED) | 55 | if (p->state == BR_STATE_DISABLED) |
56 | return; | 56 | return; |
57 | 57 | ||
58 | 58 | br_info(br, "port %u(%s) neighbor %.2x%.2x.%pM lost\n", | |
59 | pr_info("%s: neighbor %.2x%.2x.%.2x:%.2x:%.2x:%.2x:%.2x:%.2x lost on port %d(%s)\n", | 59 | (unsigned) p->port_no, p->dev->name, |
60 | br->dev->name, | 60 | id->prio[0], id->prio[1], &id->addr); |
61 | id->prio[0], id->prio[1], | ||
62 | id->addr[0], id->addr[1], id->addr[2], | ||
63 | id->addr[3], id->addr[4], id->addr[5], | ||
64 | p->port_no, p->dev->name); | ||
65 | 61 | ||
66 | /* | 62 | /* |
67 | * According to the spec, the message age timer cannot be | 63 | * According to the spec, the message age timer cannot be |
@@ -87,8 +83,8 @@ static void br_forward_delay_timer_expired(unsigned long arg) | |||
87 | struct net_bridge_port *p = (struct net_bridge_port *) arg; | 83 | struct net_bridge_port *p = (struct net_bridge_port *) arg; |
88 | struct net_bridge *br = p->br; | 84 | struct net_bridge *br = p->br; |
89 | 85 | ||
90 | pr_debug("%s: %d(%s) forward delay timer\n", | 86 | br_debug(br, "port %u(%s) forward delay timer\n", |
91 | br->dev->name, p->port_no, p->dev->name); | 87 | (unsigned) p->port_no, p->dev->name); |
92 | spin_lock(&br->lock); | 88 | spin_lock(&br->lock); |
93 | if (p->state == BR_STATE_LISTENING) { | 89 | if (p->state == BR_STATE_LISTENING) { |
94 | p->state = BR_STATE_LEARNING; | 90 | p->state = BR_STATE_LEARNING; |
@@ -107,7 +103,7 @@ static void br_tcn_timer_expired(unsigned long arg) | |||
107 | { | 103 | { |
108 | struct net_bridge *br = (struct net_bridge *) arg; | 104 | struct net_bridge *br = (struct net_bridge *) arg; |
109 | 105 | ||
110 | pr_debug("%s: tcn timer expired\n", br->dev->name); | 106 | br_debug(br, "tcn timer expired\n"); |
111 | spin_lock(&br->lock); | 107 | spin_lock(&br->lock); |
112 | if (br->dev->flags & IFF_UP) { | 108 | if (br->dev->flags & IFF_UP) { |
113 | br_transmit_tcn(br); | 109 | br_transmit_tcn(br); |
@@ -121,7 +117,7 @@ static void br_topology_change_timer_expired(unsigned long arg) | |||
121 | { | 117 | { |
122 | struct net_bridge *br = (struct net_bridge *) arg; | 118 | struct net_bridge *br = (struct net_bridge *) arg; |
123 | 119 | ||
124 | pr_debug("%s: topo change timer expired\n", br->dev->name); | 120 | br_debug(br, "topo change timer expired\n"); |
125 | spin_lock(&br->lock); | 121 | spin_lock(&br->lock); |
126 | br->topology_change_detected = 0; | 122 | br->topology_change_detected = 0; |
127 | br->topology_change = 0; | 123 | br->topology_change = 0; |
@@ -132,8 +128,8 @@ static void br_hold_timer_expired(unsigned long arg) | |||
132 | { | 128 | { |
133 | struct net_bridge_port *p = (struct net_bridge_port *) arg; | 129 | struct net_bridge_port *p = (struct net_bridge_port *) arg; |
134 | 130 | ||
135 | pr_debug("%s: %d(%s) hold timer expired\n", | 131 | br_debug(p->br, "port %u(%s) hold timer expired\n", |
136 | p->br->dev->name, p->port_no, p->dev->name); | 132 | (unsigned) p->port_no, p->dev->name); |
137 | 133 | ||
138 | spin_lock(&p->br->lock); | 134 | spin_lock(&p->br->lock); |
139 | if (p->config_pending) | 135 | if (p->config_pending) |
diff --git a/net/bridge/br_sysfs_if.c b/net/bridge/br_sysfs_if.c index 0b9916489d6..fd5799c9bc8 100644 --- a/net/bridge/br_sysfs_if.c +++ b/net/bridge/br_sysfs_if.c | |||
@@ -246,7 +246,7 @@ const struct sysfs_ops brport_sysfs_ops = { | |||
246 | /* | 246 | /* |
247 | * Add sysfs entries to ethernet device added to a bridge. | 247 | * Add sysfs entries to ethernet device added to a bridge. |
248 | * Creates a brport subdirectory with bridge attributes. | 248 | * Creates a brport subdirectory with bridge attributes. |
249 | * Puts symlink in bridge's brport subdirectory | 249 | * Puts symlink in bridge's brif subdirectory |
250 | */ | 250 | */ |
251 | int br_sysfs_addif(struct net_bridge_port *p) | 251 | int br_sysfs_addif(struct net_bridge_port *p) |
252 | { | 252 | { |
@@ -257,15 +257,37 @@ int br_sysfs_addif(struct net_bridge_port *p) | |||
257 | err = sysfs_create_link(&p->kobj, &br->dev->dev.kobj, | 257 | err = sysfs_create_link(&p->kobj, &br->dev->dev.kobj, |
258 | SYSFS_BRIDGE_PORT_LINK); | 258 | SYSFS_BRIDGE_PORT_LINK); |
259 | if (err) | 259 | if (err) |
260 | goto out2; | 260 | return err; |
261 | 261 | ||
262 | for (a = brport_attrs; *a; ++a) { | 262 | for (a = brport_attrs; *a; ++a) { |
263 | err = sysfs_create_file(&p->kobj, &((*a)->attr)); | 263 | err = sysfs_create_file(&p->kobj, &((*a)->attr)); |
264 | if (err) | 264 | if (err) |
265 | goto out2; | 265 | return err; |
266 | } | 266 | } |
267 | 267 | ||
268 | err = sysfs_create_link(br->ifobj, &p->kobj, p->dev->name); | 268 | strlcpy(p->sysfs_name, p->dev->name, IFNAMSIZ); |
269 | out2: | 269 | return sysfs_create_link(br->ifobj, &p->kobj, p->sysfs_name); |
270 | } | ||
271 | |||
272 | /* Rename bridge's brif symlink */ | ||
273 | int br_sysfs_renameif(struct net_bridge_port *p) | ||
274 | { | ||
275 | struct net_bridge *br = p->br; | ||
276 | int err; | ||
277 | |||
278 | /* If a rename fails, the rollback will cause another | ||
279 | * rename call with the existing name. | ||
280 | */ | ||
281 | if (!strncmp(p->sysfs_name, p->dev->name, IFNAMSIZ)) | ||
282 | return 0; | ||
283 | |||
284 | err = sysfs_rename_link(br->ifobj, &p->kobj, | ||
285 | p->sysfs_name, p->dev->name); | ||
286 | if (err) | ||
287 | netdev_notice(br->dev, "unable to rename link %s to %s", | ||
288 | p->sysfs_name, p->dev->name); | ||
289 | else | ||
290 | strlcpy(p->sysfs_name, p->dev->name, IFNAMSIZ); | ||
291 | |||
270 | return err; | 292 | return err; |
271 | } | 293 | } |
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c index 5d1176758ca..2a449b7ab8f 100644 --- a/net/bridge/netfilter/ebt_802_3.c +++ b/net/bridge/netfilter/ebt_802_3.c | |||
@@ -13,7 +13,7 @@ | |||
13 | #include <linux/netfilter_bridge/ebt_802_3.h> | 13 | #include <linux/netfilter_bridge/ebt_802_3.h> |
14 | 14 | ||
15 | static bool | 15 | static bool |
16 | ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 16 | ebt_802_3_mt(const struct sk_buff *skb, struct xt_action_param *par) |
17 | { | 17 | { |
18 | const struct ebt_802_3_info *info = par->matchinfo; | 18 | const struct ebt_802_3_info *info = par->matchinfo; |
19 | const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); | 19 | const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); |
@@ -36,14 +36,14 @@ ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
36 | return true; | 36 | return true; |
37 | } | 37 | } |
38 | 38 | ||
39 | static bool ebt_802_3_mt_check(const struct xt_mtchk_param *par) | 39 | static int ebt_802_3_mt_check(const struct xt_mtchk_param *par) |
40 | { | 40 | { |
41 | const struct ebt_802_3_info *info = par->matchinfo; | 41 | const struct ebt_802_3_info *info = par->matchinfo; |
42 | 42 | ||
43 | if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) | 43 | if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) |
44 | return false; | 44 | return -EINVAL; |
45 | 45 | ||
46 | return true; | 46 | return 0; |
47 | } | 47 | } |
48 | 48 | ||
49 | static struct xt_match ebt_802_3_mt_reg __read_mostly = { | 49 | static struct xt_match ebt_802_3_mt_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c index b595f091f35..8b84c581be3 100644 --- a/net/bridge/netfilter/ebt_among.c +++ b/net/bridge/netfilter/ebt_among.c | |||
@@ -7,6 +7,7 @@ | |||
7 | * August, 2003 | 7 | * August, 2003 |
8 | * | 8 | * |
9 | */ | 9 | */ |
10 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | ||
10 | #include <linux/ip.h> | 11 | #include <linux/ip.h> |
11 | #include <linux/if_arp.h> | 12 | #include <linux/if_arp.h> |
12 | #include <linux/module.h> | 13 | #include <linux/module.h> |
@@ -128,7 +129,7 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr) | |||
128 | } | 129 | } |
129 | 130 | ||
130 | static bool | 131 | static bool |
131 | ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 132 | ebt_among_mt(const struct sk_buff *skb, struct xt_action_param *par) |
132 | { | 133 | { |
133 | const struct ebt_among_info *info = par->matchinfo; | 134 | const struct ebt_among_info *info = par->matchinfo; |
134 | const char *dmac, *smac; | 135 | const char *dmac, *smac; |
@@ -171,7 +172,7 @@ ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
171 | return true; | 172 | return true; |
172 | } | 173 | } |
173 | 174 | ||
174 | static bool ebt_among_mt_check(const struct xt_mtchk_param *par) | 175 | static int ebt_among_mt_check(const struct xt_mtchk_param *par) |
175 | { | 176 | { |
176 | const struct ebt_among_info *info = par->matchinfo; | 177 | const struct ebt_among_info *info = par->matchinfo; |
177 | const struct ebt_entry_match *em = | 178 | const struct ebt_entry_match *em = |
@@ -186,24 +187,20 @@ static bool ebt_among_mt_check(const struct xt_mtchk_param *par) | |||
186 | expected_length += ebt_mac_wormhash_size(wh_src); | 187 | expected_length += ebt_mac_wormhash_size(wh_src); |
187 | 188 | ||
188 | if (em->match_size != EBT_ALIGN(expected_length)) { | 189 | if (em->match_size != EBT_ALIGN(expected_length)) { |
189 | printk(KERN_WARNING | 190 | pr_info("wrong size: %d against expected %d, rounded to %Zd\n", |
190 | "ebtables: among: wrong size: %d " | 191 | em->match_size, expected_length, |
191 | "against expected %d, rounded to %Zd\n", | 192 | EBT_ALIGN(expected_length)); |
192 | em->match_size, expected_length, | 193 | return -EINVAL; |
193 | EBT_ALIGN(expected_length)); | ||
194 | return false; | ||
195 | } | 194 | } |
196 | if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) { | 195 | if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) { |
197 | printk(KERN_WARNING | 196 | pr_info("dst integrity fail: %x\n", -err); |
198 | "ebtables: among: dst integrity fail: %x\n", -err); | 197 | return -EINVAL; |
199 | return false; | ||
200 | } | 198 | } |
201 | if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) { | 199 | if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) { |
202 | printk(KERN_WARNING | 200 | pr_info("src integrity fail: %x\n", -err); |
203 | "ebtables: among: src integrity fail: %x\n", -err); | 201 | return -EINVAL; |
204 | return false; | ||
205 | } | 202 | } |
206 | return true; | 203 | return 0; |
207 | } | 204 | } |
208 | 205 | ||
209 | static struct xt_match ebt_among_mt_reg __read_mostly = { | 206 | static struct xt_match ebt_among_mt_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c index e727697c584..cd457b891b2 100644 --- a/net/bridge/netfilter/ebt_arp.c +++ b/net/bridge/netfilter/ebt_arp.c | |||
@@ -16,7 +16,7 @@ | |||
16 | #include <linux/netfilter_bridge/ebt_arp.h> | 16 | #include <linux/netfilter_bridge/ebt_arp.h> |
17 | 17 | ||
18 | static bool | 18 | static bool |
19 | ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 19 | ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par) |
20 | { | 20 | { |
21 | const struct ebt_arp_info *info = par->matchinfo; | 21 | const struct ebt_arp_info *info = par->matchinfo; |
22 | const struct arphdr *ah; | 22 | const struct arphdr *ah; |
@@ -100,7 +100,7 @@ ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
100 | return true; | 100 | return true; |
101 | } | 101 | } |
102 | 102 | ||
103 | static bool ebt_arp_mt_check(const struct xt_mtchk_param *par) | 103 | static int ebt_arp_mt_check(const struct xt_mtchk_param *par) |
104 | { | 104 | { |
105 | const struct ebt_arp_info *info = par->matchinfo; | 105 | const struct ebt_arp_info *info = par->matchinfo; |
106 | const struct ebt_entry *e = par->entryinfo; | 106 | const struct ebt_entry *e = par->entryinfo; |
@@ -108,10 +108,10 @@ static bool ebt_arp_mt_check(const struct xt_mtchk_param *par) | |||
108 | if ((e->ethproto != htons(ETH_P_ARP) && | 108 | if ((e->ethproto != htons(ETH_P_ARP) && |
109 | e->ethproto != htons(ETH_P_RARP)) || | 109 | e->ethproto != htons(ETH_P_RARP)) || |
110 | e->invflags & EBT_IPROTO) | 110 | e->invflags & EBT_IPROTO) |
111 | return false; | 111 | return -EINVAL; |
112 | if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) | 112 | if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) |
113 | return false; | 113 | return -EINVAL; |
114 | return true; | 114 | return 0; |
115 | } | 115 | } |
116 | 116 | ||
117 | static struct xt_match ebt_arp_mt_reg __read_mostly = { | 117 | static struct xt_match ebt_arp_mt_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c index f392e9d93f5..070cf134a22 100644 --- a/net/bridge/netfilter/ebt_arpreply.c +++ b/net/bridge/netfilter/ebt_arpreply.c | |||
@@ -16,7 +16,7 @@ | |||
16 | #include <linux/netfilter_bridge/ebt_arpreply.h> | 16 | #include <linux/netfilter_bridge/ebt_arpreply.h> |
17 | 17 | ||
18 | static unsigned int | 18 | static unsigned int |
19 | ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par) | 19 | ebt_arpreply_tg(struct sk_buff *skb, const struct xt_action_param *par) |
20 | { | 20 | { |
21 | const struct ebt_arpreply_info *info = par->targinfo; | 21 | const struct ebt_arpreply_info *info = par->targinfo; |
22 | const __be32 *siptr, *diptr; | 22 | const __be32 *siptr, *diptr; |
@@ -57,17 +57,17 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
57 | return info->target; | 57 | return info->target; |
58 | } | 58 | } |
59 | 59 | ||
60 | static bool ebt_arpreply_tg_check(const struct xt_tgchk_param *par) | 60 | static int ebt_arpreply_tg_check(const struct xt_tgchk_param *par) |
61 | { | 61 | { |
62 | const struct ebt_arpreply_info *info = par->targinfo; | 62 | const struct ebt_arpreply_info *info = par->targinfo; |
63 | const struct ebt_entry *e = par->entryinfo; | 63 | const struct ebt_entry *e = par->entryinfo; |
64 | 64 | ||
65 | if (BASE_CHAIN && info->target == EBT_RETURN) | 65 | if (BASE_CHAIN && info->target == EBT_RETURN) |
66 | return false; | 66 | return -EINVAL; |
67 | if (e->ethproto != htons(ETH_P_ARP) || | 67 | if (e->ethproto != htons(ETH_P_ARP) || |
68 | e->invflags & EBT_IPROTO) | 68 | e->invflags & EBT_IPROTO) |
69 | return false; | 69 | return -EINVAL; |
70 | return true; | 70 | return 0; |
71 | } | 71 | } |
72 | 72 | ||
73 | static struct xt_target ebt_arpreply_tg_reg __read_mostly = { | 73 | static struct xt_target ebt_arpreply_tg_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index 2bb40d728a3..c59f7bfae6e 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c | |||
@@ -15,7 +15,7 @@ | |||
15 | #include <linux/netfilter_bridge/ebt_nat.h> | 15 | #include <linux/netfilter_bridge/ebt_nat.h> |
16 | 16 | ||
17 | static unsigned int | 17 | static unsigned int |
18 | ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par) | 18 | ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par) |
19 | { | 19 | { |
20 | const struct ebt_nat_info *info = par->targinfo; | 20 | const struct ebt_nat_info *info = par->targinfo; |
21 | 21 | ||
@@ -26,13 +26,13 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
26 | return info->target; | 26 | return info->target; |
27 | } | 27 | } |
28 | 28 | ||
29 | static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par) | 29 | static int ebt_dnat_tg_check(const struct xt_tgchk_param *par) |
30 | { | 30 | { |
31 | const struct ebt_nat_info *info = par->targinfo; | 31 | const struct ebt_nat_info *info = par->targinfo; |
32 | unsigned int hook_mask; | 32 | unsigned int hook_mask; |
33 | 33 | ||
34 | if (BASE_CHAIN && info->target == EBT_RETURN) | 34 | if (BASE_CHAIN && info->target == EBT_RETURN) |
35 | return false; | 35 | return -EINVAL; |
36 | 36 | ||
37 | hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); | 37 | hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); |
38 | if ((strcmp(par->table, "nat") != 0 || | 38 | if ((strcmp(par->table, "nat") != 0 || |
@@ -40,10 +40,10 @@ static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par) | |||
40 | (1 << NF_BR_LOCAL_OUT)))) && | 40 | (1 << NF_BR_LOCAL_OUT)))) && |
41 | (strcmp(par->table, "broute") != 0 || | 41 | (strcmp(par->table, "broute") != 0 || |
42 | hook_mask & ~(1 << NF_BR_BROUTING))) | 42 | hook_mask & ~(1 << NF_BR_BROUTING))) |
43 | return false; | 43 | return -EINVAL; |
44 | if (INVALID_TARGET) | 44 | if (INVALID_TARGET) |
45 | return false; | 45 | return -EINVAL; |
46 | return true; | 46 | return 0; |
47 | } | 47 | } |
48 | 48 | ||
49 | static struct xt_target ebt_dnat_tg_reg __read_mostly = { | 49 | static struct xt_target ebt_dnat_tg_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c index 5de6df6f86b..23bca62d58d 100644 --- a/net/bridge/netfilter/ebt_ip.c +++ b/net/bridge/netfilter/ebt_ip.c | |||
@@ -25,7 +25,7 @@ struct tcpudphdr { | |||
25 | }; | 25 | }; |
26 | 26 | ||
27 | static bool | 27 | static bool |
28 | ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 28 | ebt_ip_mt(const struct sk_buff *skb, struct xt_action_param *par) |
29 | { | 29 | { |
30 | const struct ebt_ip_info *info = par->matchinfo; | 30 | const struct ebt_ip_info *info = par->matchinfo; |
31 | const struct iphdr *ih; | 31 | const struct iphdr *ih; |
@@ -77,31 +77,31 @@ ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
77 | return true; | 77 | return true; |
78 | } | 78 | } |
79 | 79 | ||
80 | static bool ebt_ip_mt_check(const struct xt_mtchk_param *par) | 80 | static int ebt_ip_mt_check(const struct xt_mtchk_param *par) |
81 | { | 81 | { |
82 | const struct ebt_ip_info *info = par->matchinfo; | 82 | const struct ebt_ip_info *info = par->matchinfo; |
83 | const struct ebt_entry *e = par->entryinfo; | 83 | const struct ebt_entry *e = par->entryinfo; |
84 | 84 | ||
85 | if (e->ethproto != htons(ETH_P_IP) || | 85 | if (e->ethproto != htons(ETH_P_IP) || |
86 | e->invflags & EBT_IPROTO) | 86 | e->invflags & EBT_IPROTO) |
87 | return false; | 87 | return -EINVAL; |
88 | if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK) | 88 | if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK) |
89 | return false; | 89 | return -EINVAL; |
90 | if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) { | 90 | if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) { |
91 | if (info->invflags & EBT_IP_PROTO) | 91 | if (info->invflags & EBT_IP_PROTO) |
92 | return false; | 92 | return -EINVAL; |
93 | if (info->protocol != IPPROTO_TCP && | 93 | if (info->protocol != IPPROTO_TCP && |
94 | info->protocol != IPPROTO_UDP && | 94 | info->protocol != IPPROTO_UDP && |
95 | info->protocol != IPPROTO_UDPLITE && | 95 | info->protocol != IPPROTO_UDPLITE && |
96 | info->protocol != IPPROTO_SCTP && | 96 | info->protocol != IPPROTO_SCTP && |
97 | info->protocol != IPPROTO_DCCP) | 97 | info->protocol != IPPROTO_DCCP) |
98 | return false; | 98 | return -EINVAL; |
99 | } | 99 | } |
100 | if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) | 100 | if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) |
101 | return false; | 101 | return -EINVAL; |
102 | if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) | 102 | if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) |
103 | return false; | 103 | return -EINVAL; |
104 | return true; | 104 | return 0; |
105 | } | 105 | } |
106 | 106 | ||
107 | static struct xt_match ebt_ip_mt_reg __read_mostly = { | 107 | static struct xt_match ebt_ip_mt_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c index bbf2534ef02..50a46afc2bc 100644 --- a/net/bridge/netfilter/ebt_ip6.c +++ b/net/bridge/netfilter/ebt_ip6.c | |||
@@ -4,7 +4,7 @@ | |||
4 | * Authors: | 4 | * Authors: |
5 | * Manohar Castelino <manohar.r.castelino@intel.com> | 5 | * Manohar Castelino <manohar.r.castelino@intel.com> |
6 | * Kuo-Lang Tseng <kuo-lang.tseng@intel.com> | 6 | * Kuo-Lang Tseng <kuo-lang.tseng@intel.com> |
7 | * Jan Engelhardt <jengelh@computergmbh.de> | 7 | * Jan Engelhardt <jengelh@medozas.de> |
8 | * | 8 | * |
9 | * Summary: | 9 | * Summary: |
10 | * This is just a modification of the IPv4 code written by | 10 | * This is just a modification of the IPv4 code written by |
@@ -28,15 +28,13 @@ struct tcpudphdr { | |||
28 | }; | 28 | }; |
29 | 29 | ||
30 | static bool | 30 | static bool |
31 | ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 31 | ebt_ip6_mt(const struct sk_buff *skb, struct xt_action_param *par) |
32 | { | 32 | { |
33 | const struct ebt_ip6_info *info = par->matchinfo; | 33 | const struct ebt_ip6_info *info = par->matchinfo; |
34 | const struct ipv6hdr *ih6; | 34 | const struct ipv6hdr *ih6; |
35 | struct ipv6hdr _ip6h; | 35 | struct ipv6hdr _ip6h; |
36 | const struct tcpudphdr *pptr; | 36 | const struct tcpudphdr *pptr; |
37 | struct tcpudphdr _ports; | 37 | struct tcpudphdr _ports; |
38 | struct in6_addr tmp_addr; | ||
39 | int i; | ||
40 | 38 | ||
41 | ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h); | 39 | ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h); |
42 | if (ih6 == NULL) | 40 | if (ih6 == NULL) |
@@ -44,18 +42,10 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
44 | if (info->bitmask & EBT_IP6_TCLASS && | 42 | if (info->bitmask & EBT_IP6_TCLASS && |
45 | FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS)) | 43 | FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS)) |
46 | return false; | 44 | return false; |
47 | for (i = 0; i < 4; i++) | 45 | if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk, |
48 | tmp_addr.in6_u.u6_addr32[i] = ih6->saddr.in6_u.u6_addr32[i] & | 46 | &info->saddr), EBT_IP6_SOURCE) || |
49 | info->smsk.in6_u.u6_addr32[i]; | 47 | FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk, |
50 | if (info->bitmask & EBT_IP6_SOURCE && | 48 | &info->daddr), EBT_IP6_DEST)) |
51 | FWINV((ipv6_addr_cmp(&tmp_addr, &info->saddr) != 0), | ||
52 | EBT_IP6_SOURCE)) | ||
53 | return false; | ||
54 | for (i = 0; i < 4; i++) | ||
55 | tmp_addr.in6_u.u6_addr32[i] = ih6->daddr.in6_u.u6_addr32[i] & | ||
56 | info->dmsk.in6_u.u6_addr32[i]; | ||
57 | if (info->bitmask & EBT_IP6_DEST && | ||
58 | FWINV((ipv6_addr_cmp(&tmp_addr, &info->daddr) != 0), EBT_IP6_DEST)) | ||
59 | return false; | 49 | return false; |
60 | if (info->bitmask & EBT_IP6_PROTO) { | 50 | if (info->bitmask & EBT_IP6_PROTO) { |
61 | uint8_t nexthdr = ih6->nexthdr; | 51 | uint8_t nexthdr = ih6->nexthdr; |
@@ -90,30 +80,30 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
90 | return true; | 80 | return true; |
91 | } | 81 | } |
92 | 82 | ||
93 | static bool ebt_ip6_mt_check(const struct xt_mtchk_param *par) | 83 | static int ebt_ip6_mt_check(const struct xt_mtchk_param *par) |
94 | { | 84 | { |
95 | const struct ebt_entry *e = par->entryinfo; | 85 | const struct ebt_entry *e = par->entryinfo; |
96 | struct ebt_ip6_info *info = par->matchinfo; | 86 | struct ebt_ip6_info *info = par->matchinfo; |
97 | 87 | ||
98 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) | 88 | if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) |
99 | return false; | 89 | return -EINVAL; |
100 | if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK) | 90 | if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK) |
101 | return false; | 91 | return -EINVAL; |
102 | if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) { | 92 | if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) { |
103 | if (info->invflags & EBT_IP6_PROTO) | 93 | if (info->invflags & EBT_IP6_PROTO) |
104 | return false; | 94 | return -EINVAL; |
105 | if (info->protocol != IPPROTO_TCP && | 95 | if (info->protocol != IPPROTO_TCP && |
106 | info->protocol != IPPROTO_UDP && | 96 | info->protocol != IPPROTO_UDP && |
107 | info->protocol != IPPROTO_UDPLITE && | 97 | info->protocol != IPPROTO_UDPLITE && |
108 | info->protocol != IPPROTO_SCTP && | 98 | info->protocol != IPPROTO_SCTP && |
109 | info->protocol != IPPROTO_DCCP) | 99 | info->protocol != IPPROTO_DCCP) |
110 | return false; | 100 | return -EINVAL; |
111 | } | 101 | } |
112 | if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1]) | 102 | if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1]) |
113 | return false; | 103 | return -EINVAL; |
114 | if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1]) | 104 | if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1]) |
115 | return false; | 105 | return -EINVAL; |
116 | return true; | 106 | return 0; |
117 | } | 107 | } |
118 | 108 | ||
119 | static struct xt_match ebt_ip6_mt_reg __read_mostly = { | 109 | static struct xt_match ebt_ip6_mt_reg __read_mostly = { |
@@ -139,4 +129,5 @@ static void __exit ebt_ip6_fini(void) | |||
139 | module_init(ebt_ip6_init); | 129 | module_init(ebt_ip6_init); |
140 | module_exit(ebt_ip6_fini); | 130 | module_exit(ebt_ip6_fini); |
141 | MODULE_DESCRIPTION("Ebtables: IPv6 protocol packet match"); | 131 | MODULE_DESCRIPTION("Ebtables: IPv6 protocol packet match"); |
132 | MODULE_AUTHOR("Kuo-Lang Tseng <kuo-lang.tseng@intel.com>"); | ||
142 | MODULE_LICENSE("GPL"); | 133 | MODULE_LICENSE("GPL"); |
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c index 7a8182710eb..517e78befcb 100644 --- a/net/bridge/netfilter/ebt_limit.c +++ b/net/bridge/netfilter/ebt_limit.c | |||
@@ -10,6 +10,7 @@ | |||
10 | * September, 2003 | 10 | * September, 2003 |
11 | * | 11 | * |
12 | */ | 12 | */ |
13 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | ||
13 | #include <linux/module.h> | 14 | #include <linux/module.h> |
14 | #include <linux/netdevice.h> | 15 | #include <linux/netdevice.h> |
15 | #include <linux/spinlock.h> | 16 | #include <linux/spinlock.h> |
@@ -31,7 +32,7 @@ static DEFINE_SPINLOCK(limit_lock); | |||
31 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) | 32 | #define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) |
32 | 33 | ||
33 | static bool | 34 | static bool |
34 | ebt_limit_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 35 | ebt_limit_mt(const struct sk_buff *skb, struct xt_action_param *par) |
35 | { | 36 | { |
36 | struct ebt_limit_info *info = (void *)par->matchinfo; | 37 | struct ebt_limit_info *info = (void *)par->matchinfo; |
37 | unsigned long now = jiffies; | 38 | unsigned long now = jiffies; |
@@ -64,16 +65,16 @@ user2credits(u_int32_t user) | |||
64 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; | 65 | return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; |
65 | } | 66 | } |
66 | 67 | ||
67 | static bool ebt_limit_mt_check(const struct xt_mtchk_param *par) | 68 | static int ebt_limit_mt_check(const struct xt_mtchk_param *par) |
68 | { | 69 | { |
69 | struct ebt_limit_info *info = par->matchinfo; | 70 | struct ebt_limit_info *info = par->matchinfo; |
70 | 71 | ||
71 | /* Check for overflow. */ | 72 | /* Check for overflow. */ |
72 | if (info->burst == 0 || | 73 | if (info->burst == 0 || |
73 | user2credits(info->avg * info->burst) < user2credits(info->avg)) { | 74 | user2credits(info->avg * info->burst) < user2credits(info->avg)) { |
74 | printk("Overflow in ebt_limit, try lower: %u/%u\n", | 75 | pr_info("overflow, try lower: %u/%u\n", |
75 | info->avg, info->burst); | 76 | info->avg, info->burst); |
76 | return false; | 77 | return -EINVAL; |
77 | } | 78 | } |
78 | 79 | ||
79 | /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */ | 80 | /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */ |
@@ -81,7 +82,7 @@ static bool ebt_limit_mt_check(const struct xt_mtchk_param *par) | |||
81 | info->credit = user2credits(info->avg * info->burst); | 82 | info->credit = user2credits(info->avg * info->burst); |
82 | info->credit_cap = user2credits(info->avg * info->burst); | 83 | info->credit_cap = user2credits(info->avg * info->burst); |
83 | info->cost = user2credits(info->avg); | 84 | info->cost = user2credits(info->avg); |
84 | return true; | 85 | return 0; |
85 | } | 86 | } |
86 | 87 | ||
87 | 88 | ||
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c index e873924ddb5..6e5a8bb9b94 100644 --- a/net/bridge/netfilter/ebt_log.c +++ b/net/bridge/netfilter/ebt_log.c | |||
@@ -24,16 +24,16 @@ | |||
24 | 24 | ||
25 | static DEFINE_SPINLOCK(ebt_log_lock); | 25 | static DEFINE_SPINLOCK(ebt_log_lock); |
26 | 26 | ||
27 | static bool ebt_log_tg_check(const struct xt_tgchk_param *par) | 27 | static int ebt_log_tg_check(const struct xt_tgchk_param *par) |
28 | { | 28 | { |
29 | struct ebt_log_info *info = par->targinfo; | 29 | struct ebt_log_info *info = par->targinfo; |
30 | 30 | ||
31 | if (info->bitmask & ~EBT_LOG_MASK) | 31 | if (info->bitmask & ~EBT_LOG_MASK) |
32 | return false; | 32 | return -EINVAL; |
33 | if (info->loglevel >= 8) | 33 | if (info->loglevel >= 8) |
34 | return false; | 34 | return -EINVAL; |
35 | info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; | 35 | info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; |
36 | return true; | 36 | return 0; |
37 | } | 37 | } |
38 | 38 | ||
39 | struct tcpudphdr | 39 | struct tcpudphdr |
@@ -171,7 +171,7 @@ out: | |||
171 | } | 171 | } |
172 | 172 | ||
173 | static unsigned int | 173 | static unsigned int |
174 | ebt_log_tg(struct sk_buff *skb, const struct xt_target_param *par) | 174 | ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par) |
175 | { | 175 | { |
176 | const struct ebt_log_info *info = par->targinfo; | 176 | const struct ebt_log_info *info = par->targinfo; |
177 | struct nf_loginfo li; | 177 | struct nf_loginfo li; |
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c index 2b5ce533d6b..66697cbd0a8 100644 --- a/net/bridge/netfilter/ebt_mark.c +++ b/net/bridge/netfilter/ebt_mark.c | |||
@@ -19,7 +19,7 @@ | |||
19 | #include <linux/netfilter_bridge/ebt_mark_t.h> | 19 | #include <linux/netfilter_bridge/ebt_mark_t.h> |
20 | 20 | ||
21 | static unsigned int | 21 | static unsigned int |
22 | ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par) | 22 | ebt_mark_tg(struct sk_buff *skb, const struct xt_action_param *par) |
23 | { | 23 | { |
24 | const struct ebt_mark_t_info *info = par->targinfo; | 24 | const struct ebt_mark_t_info *info = par->targinfo; |
25 | int action = info->target & -16; | 25 | int action = info->target & -16; |
@@ -36,21 +36,21 @@ ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
36 | return info->target | ~EBT_VERDICT_BITS; | 36 | return info->target | ~EBT_VERDICT_BITS; |
37 | } | 37 | } |
38 | 38 | ||
39 | static bool ebt_mark_tg_check(const struct xt_tgchk_param *par) | 39 | static int ebt_mark_tg_check(const struct xt_tgchk_param *par) |
40 | { | 40 | { |
41 | const struct ebt_mark_t_info *info = par->targinfo; | 41 | const struct ebt_mark_t_info *info = par->targinfo; |
42 | int tmp; | 42 | int tmp; |
43 | 43 | ||
44 | tmp = info->target | ~EBT_VERDICT_BITS; | 44 | tmp = info->target | ~EBT_VERDICT_BITS; |
45 | if (BASE_CHAIN && tmp == EBT_RETURN) | 45 | if (BASE_CHAIN && tmp == EBT_RETURN) |
46 | return false; | 46 | return -EINVAL; |
47 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) | 47 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) |
48 | return false; | 48 | return -EINVAL; |
49 | tmp = info->target & ~EBT_VERDICT_BITS; | 49 | tmp = info->target & ~EBT_VERDICT_BITS; |
50 | if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE && | 50 | if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE && |
51 | tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE) | 51 | tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE) |
52 | return false; | 52 | return -EINVAL; |
53 | return true; | 53 | return 0; |
54 | } | 54 | } |
55 | #ifdef CONFIG_COMPAT | 55 | #ifdef CONFIG_COMPAT |
56 | struct compat_ebt_mark_t_info { | 56 | struct compat_ebt_mark_t_info { |
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c index 8de8c396d91..d98baefc4c7 100644 --- a/net/bridge/netfilter/ebt_mark_m.c +++ b/net/bridge/netfilter/ebt_mark_m.c | |||
@@ -13,7 +13,7 @@ | |||
13 | #include <linux/netfilter_bridge/ebt_mark_m.h> | 13 | #include <linux/netfilter_bridge/ebt_mark_m.h> |
14 | 14 | ||
15 | static bool | 15 | static bool |
16 | ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 16 | ebt_mark_mt(const struct sk_buff *skb, struct xt_action_param *par) |
17 | { | 17 | { |
18 | const struct ebt_mark_m_info *info = par->matchinfo; | 18 | const struct ebt_mark_m_info *info = par->matchinfo; |
19 | 19 | ||
@@ -22,17 +22,17 @@ ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
22 | return ((skb->mark & info->mask) == info->mark) ^ info->invert; | 22 | return ((skb->mark & info->mask) == info->mark) ^ info->invert; |
23 | } | 23 | } |
24 | 24 | ||
25 | static bool ebt_mark_mt_check(const struct xt_mtchk_param *par) | 25 | static int ebt_mark_mt_check(const struct xt_mtchk_param *par) |
26 | { | 26 | { |
27 | const struct ebt_mark_m_info *info = par->matchinfo; | 27 | const struct ebt_mark_m_info *info = par->matchinfo; |
28 | 28 | ||
29 | if (info->bitmask & ~EBT_MARK_MASK) | 29 | if (info->bitmask & ~EBT_MARK_MASK) |
30 | return false; | 30 | return -EINVAL; |
31 | if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) | 31 | if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) |
32 | return false; | 32 | return -EINVAL; |
33 | if (!info->bitmask) | 33 | if (!info->bitmask) |
34 | return false; | 34 | return -EINVAL; |
35 | return true; | 35 | return 0; |
36 | } | 36 | } |
37 | 37 | ||
38 | 38 | ||
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c index 40dbd248b9a..5be68bbcc34 100644 --- a/net/bridge/netfilter/ebt_nflog.c +++ b/net/bridge/netfilter/ebt_nflog.c | |||
@@ -20,7 +20,7 @@ | |||
20 | #include <net/netfilter/nf_log.h> | 20 | #include <net/netfilter/nf_log.h> |
21 | 21 | ||
22 | static unsigned int | 22 | static unsigned int |
23 | ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) | 23 | ebt_nflog_tg(struct sk_buff *skb, const struct xt_action_param *par) |
24 | { | 24 | { |
25 | const struct ebt_nflog_info *info = par->targinfo; | 25 | const struct ebt_nflog_info *info = par->targinfo; |
26 | struct nf_loginfo li; | 26 | struct nf_loginfo li; |
@@ -35,14 +35,14 @@ ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
35 | return EBT_CONTINUE; | 35 | return EBT_CONTINUE; |
36 | } | 36 | } |
37 | 37 | ||
38 | static bool ebt_nflog_tg_check(const struct xt_tgchk_param *par) | 38 | static int ebt_nflog_tg_check(const struct xt_tgchk_param *par) |
39 | { | 39 | { |
40 | struct ebt_nflog_info *info = par->targinfo; | 40 | struct ebt_nflog_info *info = par->targinfo; |
41 | 41 | ||
42 | if (info->flags & ~EBT_NFLOG_MASK) | 42 | if (info->flags & ~EBT_NFLOG_MASK) |
43 | return false; | 43 | return -EINVAL; |
44 | info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; | 44 | info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; |
45 | return true; | 45 | return 0; |
46 | } | 46 | } |
47 | 47 | ||
48 | static struct xt_target ebt_nflog_tg_reg __read_mostly = { | 48 | static struct xt_target ebt_nflog_tg_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c index e2a07e6cbef..496a5651530 100644 --- a/net/bridge/netfilter/ebt_pkttype.c +++ b/net/bridge/netfilter/ebt_pkttype.c | |||
@@ -13,21 +13,21 @@ | |||
13 | #include <linux/netfilter_bridge/ebt_pkttype.h> | 13 | #include <linux/netfilter_bridge/ebt_pkttype.h> |
14 | 14 | ||
15 | static bool | 15 | static bool |
16 | ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 16 | ebt_pkttype_mt(const struct sk_buff *skb, struct xt_action_param *par) |
17 | { | 17 | { |
18 | const struct ebt_pkttype_info *info = par->matchinfo; | 18 | const struct ebt_pkttype_info *info = par->matchinfo; |
19 | 19 | ||
20 | return (skb->pkt_type == info->pkt_type) ^ info->invert; | 20 | return (skb->pkt_type == info->pkt_type) ^ info->invert; |
21 | } | 21 | } |
22 | 22 | ||
23 | static bool ebt_pkttype_mt_check(const struct xt_mtchk_param *par) | 23 | static int ebt_pkttype_mt_check(const struct xt_mtchk_param *par) |
24 | { | 24 | { |
25 | const struct ebt_pkttype_info *info = par->matchinfo; | 25 | const struct ebt_pkttype_info *info = par->matchinfo; |
26 | 26 | ||
27 | if (info->invert != 0 && info->invert != 1) | 27 | if (info->invert != 0 && info->invert != 1) |
28 | return false; | 28 | return -EINVAL; |
29 | /* Allow any pkt_type value */ | 29 | /* Allow any pkt_type value */ |
30 | return true; | 30 | return 0; |
31 | } | 31 | } |
32 | 32 | ||
33 | static struct xt_match ebt_pkttype_mt_reg __read_mostly = { | 33 | static struct xt_match ebt_pkttype_mt_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c index 9be8fbcd370..9e19166ba45 100644 --- a/net/bridge/netfilter/ebt_redirect.c +++ b/net/bridge/netfilter/ebt_redirect.c | |||
@@ -16,7 +16,7 @@ | |||
16 | #include <linux/netfilter_bridge/ebt_redirect.h> | 16 | #include <linux/netfilter_bridge/ebt_redirect.h> |
17 | 17 | ||
18 | static unsigned int | 18 | static unsigned int |
19 | ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) | 19 | ebt_redirect_tg(struct sk_buff *skb, const struct xt_action_param *par) |
20 | { | 20 | { |
21 | const struct ebt_redirect_info *info = par->targinfo; | 21 | const struct ebt_redirect_info *info = par->targinfo; |
22 | 22 | ||
@@ -32,23 +32,23 @@ ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) | |||
32 | return info->target; | 32 | return info->target; |
33 | } | 33 | } |
34 | 34 | ||
35 | static bool ebt_redirect_tg_check(const struct xt_tgchk_param *par) | 35 | static int ebt_redirect_tg_check(const struct xt_tgchk_param *par) |
36 | { | 36 | { |
37 | const struct ebt_redirect_info *info = par->targinfo; | 37 | const struct ebt_redirect_info *info = par->targinfo; |
38 | unsigned int hook_mask; | 38 | unsigned int hook_mask; |
39 | 39 | ||
40 | if (BASE_CHAIN && info->target == EBT_RETURN) | 40 | if (BASE_CHAIN && info->target == EBT_RETURN) |
41 | return false; | 41 | return -EINVAL; |
42 | 42 | ||
43 | hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); | 43 | hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); |
44 | if ((strcmp(par->table, "nat") != 0 || | 44 | if ((strcmp(par->table, "nat") != 0 || |
45 | hook_mask & ~(1 << NF_BR_PRE_ROUTING)) && | 45 | hook_mask & ~(1 << NF_BR_PRE_ROUTING)) && |
46 | (strcmp(par->table, "broute") != 0 || | 46 | (strcmp(par->table, "broute") != 0 || |
47 | hook_mask & ~(1 << NF_BR_BROUTING))) | 47 | hook_mask & ~(1 << NF_BR_BROUTING))) |
48 | return false; | 48 | return -EINVAL; |
49 | if (INVALID_TARGET) | 49 | if (INVALID_TARGET) |
50 | return false; | 50 | return -EINVAL; |
51 | return true; | 51 | return 0; |
52 | } | 52 | } |
53 | 53 | ||
54 | static struct xt_target ebt_redirect_tg_reg __read_mostly = { | 54 | static struct xt_target ebt_redirect_tg_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c index 9c7b520765a..f8f0bd1a1d5 100644 --- a/net/bridge/netfilter/ebt_snat.c +++ b/net/bridge/netfilter/ebt_snat.c | |||
@@ -17,7 +17,7 @@ | |||
17 | #include <linux/netfilter_bridge/ebt_nat.h> | 17 | #include <linux/netfilter_bridge/ebt_nat.h> |
18 | 18 | ||
19 | static unsigned int | 19 | static unsigned int |
20 | ebt_snat_tg(struct sk_buff *skb, const struct xt_target_param *par) | 20 | ebt_snat_tg(struct sk_buff *skb, const struct xt_action_param *par) |
21 | { | 21 | { |
22 | const struct ebt_nat_info *info = par->targinfo; | 22 | const struct ebt_nat_info *info = par->targinfo; |
23 | 23 | ||
@@ -42,21 +42,21 @@ out: | |||
42 | return info->target | ~EBT_VERDICT_BITS; | 42 | return info->target | ~EBT_VERDICT_BITS; |
43 | } | 43 | } |
44 | 44 | ||
45 | static bool ebt_snat_tg_check(const struct xt_tgchk_param *par) | 45 | static int ebt_snat_tg_check(const struct xt_tgchk_param *par) |
46 | { | 46 | { |
47 | const struct ebt_nat_info *info = par->targinfo; | 47 | const struct ebt_nat_info *info = par->targinfo; |
48 | int tmp; | 48 | int tmp; |
49 | 49 | ||
50 | tmp = info->target | ~EBT_VERDICT_BITS; | 50 | tmp = info->target | ~EBT_VERDICT_BITS; |
51 | if (BASE_CHAIN && tmp == EBT_RETURN) | 51 | if (BASE_CHAIN && tmp == EBT_RETURN) |
52 | return false; | 52 | return -EINVAL; |
53 | 53 | ||
54 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) | 54 | if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) |
55 | return false; | 55 | return -EINVAL; |
56 | tmp = info->target | EBT_VERDICT_BITS; | 56 | tmp = info->target | EBT_VERDICT_BITS; |
57 | if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT) | 57 | if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT) |
58 | return false; | 58 | return -EINVAL; |
59 | return true; | 59 | return 0; |
60 | } | 60 | } |
61 | 61 | ||
62 | static struct xt_target ebt_snat_tg_reg __read_mostly = { | 62 | static struct xt_target ebt_snat_tg_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c index 92a93d36376..5b33a2e634a 100644 --- a/net/bridge/netfilter/ebt_stp.c +++ b/net/bridge/netfilter/ebt_stp.c | |||
@@ -120,7 +120,7 @@ static bool ebt_filter_config(const struct ebt_stp_info *info, | |||
120 | } | 120 | } |
121 | 121 | ||
122 | static bool | 122 | static bool |
123 | ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 123 | ebt_stp_mt(const struct sk_buff *skb, struct xt_action_param *par) |
124 | { | 124 | { |
125 | const struct ebt_stp_info *info = par->matchinfo; | 125 | const struct ebt_stp_info *info = par->matchinfo; |
126 | const struct stp_header *sp; | 126 | const struct stp_header *sp; |
@@ -153,7 +153,7 @@ ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
153 | return true; | 153 | return true; |
154 | } | 154 | } |
155 | 155 | ||
156 | static bool ebt_stp_mt_check(const struct xt_mtchk_param *par) | 156 | static int ebt_stp_mt_check(const struct xt_mtchk_param *par) |
157 | { | 157 | { |
158 | const struct ebt_stp_info *info = par->matchinfo; | 158 | const struct ebt_stp_info *info = par->matchinfo; |
159 | const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; | 159 | const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; |
@@ -162,13 +162,13 @@ static bool ebt_stp_mt_check(const struct xt_mtchk_param *par) | |||
162 | 162 | ||
163 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || | 163 | if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || |
164 | !(info->bitmask & EBT_STP_MASK)) | 164 | !(info->bitmask & EBT_STP_MASK)) |
165 | return false; | 165 | return -EINVAL; |
166 | /* Make sure the match only receives stp frames */ | 166 | /* Make sure the match only receives stp frames */ |
167 | if (compare_ether_addr(e->destmac, bridge_ula) || | 167 | if (compare_ether_addr(e->destmac, bridge_ula) || |
168 | compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) | 168 | compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) |
169 | return false; | 169 | return -EINVAL; |
170 | 170 | ||
171 | return true; | 171 | return 0; |
172 | } | 172 | } |
173 | 173 | ||
174 | static struct xt_match ebt_stp_mt_reg __read_mostly = { | 174 | static struct xt_match ebt_stp_mt_reg __read_mostly = { |
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c index f9560f3dbdc..ae3c7cef148 100644 --- a/net/bridge/netfilter/ebt_ulog.c +++ b/net/bridge/netfilter/ebt_ulog.c | |||
@@ -27,7 +27,7 @@ | |||
27 | * flushed even if it is not full yet. | 27 | * flushed even if it is not full yet. |
28 | * | 28 | * |
29 | */ | 29 | */ |
30 | 30 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | |
31 | #include <linux/module.h> | 31 | #include <linux/module.h> |
32 | #include <linux/slab.h> | 32 | #include <linux/slab.h> |
33 | #include <linux/spinlock.h> | 33 | #include <linux/spinlock.h> |
@@ -44,9 +44,6 @@ | |||
44 | #include <net/sock.h> | 44 | #include <net/sock.h> |
45 | #include "../br_private.h" | 45 | #include "../br_private.h" |
46 | 46 | ||
47 | #define PRINTR(format, args...) do { if (net_ratelimit()) \ | ||
48 | printk(format , ## args); } while (0) | ||
49 | |||
50 | static unsigned int nlbufsiz = NLMSG_GOODSIZE; | 47 | static unsigned int nlbufsiz = NLMSG_GOODSIZE; |
51 | module_param(nlbufsiz, uint, 0600); | 48 | module_param(nlbufsiz, uint, 0600); |
52 | MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) " | 49 | MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) " |
@@ -107,15 +104,14 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size) | |||
107 | n = max(size, nlbufsiz); | 104 | n = max(size, nlbufsiz); |
108 | skb = alloc_skb(n, GFP_ATOMIC); | 105 | skb = alloc_skb(n, GFP_ATOMIC); |
109 | if (!skb) { | 106 | if (!skb) { |
110 | PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer " | 107 | pr_debug("cannot alloc whole buffer of size %ub!\n", n); |
111 | "of size %ub!\n", n); | ||
112 | if (n > size) { | 108 | if (n > size) { |
113 | /* try to allocate only as much as we need for | 109 | /* try to allocate only as much as we need for |
114 | * current packet */ | 110 | * current packet */ |
115 | skb = alloc_skb(size, GFP_ATOMIC); | 111 | skb = alloc_skb(size, GFP_ATOMIC); |
116 | if (!skb) | 112 | if (!skb) |
117 | PRINTR(KERN_ERR "ebt_ulog: can't even allocate " | 113 | pr_debug("cannot even allocate " |
118 | "buffer of size %ub\n", size); | 114 | "buffer of size %ub\n", size); |
119 | } | 115 | } |
120 | } | 116 | } |
121 | 117 | ||
@@ -142,8 +138,7 @@ static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb, | |||
142 | 138 | ||
143 | size = NLMSG_SPACE(sizeof(*pm) + copy_len); | 139 | size = NLMSG_SPACE(sizeof(*pm) + copy_len); |
144 | if (size > nlbufsiz) { | 140 | if (size > nlbufsiz) { |
145 | PRINTR("ebt_ulog: Size %Zd needed, but nlbufsiz=%d\n", | 141 | pr_debug("Size %Zd needed, but nlbufsiz=%d\n", size, nlbufsiz); |
146 | size, nlbufsiz); | ||
147 | return; | 142 | return; |
148 | } | 143 | } |
149 | 144 | ||
@@ -217,8 +212,8 @@ unlock: | |||
217 | return; | 212 | return; |
218 | 213 | ||
219 | nlmsg_failure: | 214 | nlmsg_failure: |
220 | printk(KERN_CRIT "ebt_ulog: error during NLMSG_PUT. This should " | 215 | pr_debug("error during NLMSG_PUT. This should " |
221 | "not happen, please report to author.\n"); | 216 | "not happen, please report to author.\n"); |
222 | goto unlock; | 217 | goto unlock; |
223 | alloc_failure: | 218 | alloc_failure: |
224 | goto unlock; | 219 | goto unlock; |
@@ -248,26 +243,26 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum, | |||
248 | } | 243 | } |
249 | 244 | ||
250 | static unsigned int | 245 | static unsigned int |
251 | ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par) | 246 | ebt_ulog_tg(struct sk_buff *skb, const struct xt_action_param *par) |
252 | { | 247 | { |
253 | ebt_ulog_packet(par->hooknum, skb, par->in, par->out, | 248 | ebt_ulog_packet(par->hooknum, skb, par->in, par->out, |
254 | par->targinfo, NULL); | 249 | par->targinfo, NULL); |
255 | return EBT_CONTINUE; | 250 | return EBT_CONTINUE; |
256 | } | 251 | } |
257 | 252 | ||
258 | static bool ebt_ulog_tg_check(const struct xt_tgchk_param *par) | 253 | static int ebt_ulog_tg_check(const struct xt_tgchk_param *par) |
259 | { | 254 | { |
260 | struct ebt_ulog_info *uloginfo = par->targinfo; | 255 | struct ebt_ulog_info *uloginfo = par->targinfo; |
261 | 256 | ||
262 | if (uloginfo->nlgroup > 31) | 257 | if (uloginfo->nlgroup > 31) |
263 | return false; | 258 | return -EINVAL; |
264 | 259 | ||
265 | uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0'; | 260 | uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0'; |
266 | 261 | ||
267 | if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN) | 262 | if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN) |
268 | uloginfo->qthreshold = EBT_ULOG_MAX_QLEN; | 263 | uloginfo->qthreshold = EBT_ULOG_MAX_QLEN; |
269 | 264 | ||
270 | return true; | 265 | return 0; |
271 | } | 266 | } |
272 | 267 | ||
273 | static struct xt_target ebt_ulog_tg_reg __read_mostly = { | 268 | static struct xt_target ebt_ulog_tg_reg __read_mostly = { |
@@ -292,8 +287,8 @@ static int __init ebt_ulog_init(void) | |||
292 | int i; | 287 | int i; |
293 | 288 | ||
294 | if (nlbufsiz >= 128*1024) { | 289 | if (nlbufsiz >= 128*1024) { |
295 | printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB," | 290 | pr_warning("Netlink buffer has to be <= 128kB," |
296 | " please try a smaller nlbufsiz parameter.\n"); | 291 | " please try a smaller nlbufsiz parameter.\n"); |
297 | return -EINVAL; | 292 | return -EINVAL; |
298 | } | 293 | } |
299 | 294 | ||
@@ -306,13 +301,10 @@ static int __init ebt_ulog_init(void) | |||
306 | ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, | 301 | ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, |
307 | EBT_ULOG_MAXNLGROUPS, NULL, NULL, | 302 | EBT_ULOG_MAXNLGROUPS, NULL, NULL, |
308 | THIS_MODULE); | 303 | THIS_MODULE); |
309 | if (!ebtulognl) { | 304 | if (!ebtulognl) |
310 | printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to " | ||
311 | "call netlink_kernel_create\n"); | ||
312 | ret = -ENOMEM; | 305 | ret = -ENOMEM; |
313 | } else if ((ret = xt_register_target(&ebt_ulog_tg_reg)) != 0) { | 306 | else if ((ret = xt_register_target(&ebt_ulog_tg_reg)) != 0) |
314 | netlink_kernel_release(ebtulognl); | 307 | netlink_kernel_release(ebtulognl); |
315 | } | ||
316 | 308 | ||
317 | if (ret == 0) | 309 | if (ret == 0) |
318 | nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger); | 310 | nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger); |
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c index be1dd2e1f61..87b53b3a921 100644 --- a/net/bridge/netfilter/ebt_vlan.c +++ b/net/bridge/netfilter/ebt_vlan.c | |||
@@ -26,22 +26,17 @@ | |||
26 | #include <linux/netfilter_bridge/ebtables.h> | 26 | #include <linux/netfilter_bridge/ebtables.h> |
27 | #include <linux/netfilter_bridge/ebt_vlan.h> | 27 | #include <linux/netfilter_bridge/ebt_vlan.h> |
28 | 28 | ||
29 | static int debug; | ||
30 | #define MODULE_VERS "0.6" | 29 | #define MODULE_VERS "0.6" |
31 | 30 | ||
32 | module_param(debug, int, 0); | ||
33 | MODULE_PARM_DESC(debug, "debug=1 is turn on debug messages"); | ||
34 | MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>"); | 31 | MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>"); |
35 | MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match"); | 32 | MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match"); |
36 | MODULE_LICENSE("GPL"); | 33 | MODULE_LICENSE("GPL"); |
37 | 34 | ||
38 | |||
39 | #define DEBUG_MSG(args...) if (debug) printk (KERN_DEBUG "ebt_vlan: " args) | ||
40 | #define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ | 35 | #define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ |
41 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } | 36 | #define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } |
42 | 37 | ||
43 | static bool | 38 | static bool |
44 | ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par) | 39 | ebt_vlan_mt(const struct sk_buff *skb, struct xt_action_param *par) |
45 | { | 40 | { |
46 | const struct ebt_vlan_info *info = par->matchinfo; | 41 | const struct ebt_vlan_info *info = par->matchinfo; |
47 | const struct vlan_hdr *fp; | 42 | const struct vlan_hdr *fp; |
@@ -84,32 +79,31 @@ ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par) | |||
84 | return true; | 79 | return true; |
85 | } | 80 | } |
86 | 81 | ||
87 | static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) | 82 | static int ebt_vlan_mt_check(const struct xt_mtchk_param *par) |
88 | { | 83 | { |
89 | struct ebt_vlan_info *info = par->matchinfo; | 84 | struct ebt_vlan_info *info = par->matchinfo; |
90 | const struct ebt_entry *e = par->entryinfo; | 85 | const struct ebt_entry *e = par->entryinfo; |
91 | 86 | ||
92 | /* Is it 802.1Q frame checked? */ | 87 | /* Is it 802.1Q frame checked? */ |
93 | if (e->ethproto != htons(ETH_P_8021Q)) { | 88 | if (e->ethproto != htons(ETH_P_8021Q)) { |
94 | DEBUG_MSG | 89 | pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n", |
95 | ("passed entry proto %2.4X is not 802.1Q (8100)\n", | 90 | ntohs(e->ethproto)); |
96 | (unsigned short) ntohs(e->ethproto)); | 91 | return -EINVAL; |
97 | return false; | ||
98 | } | 92 | } |
99 | 93 | ||
100 | /* Check for bitmask range | 94 | /* Check for bitmask range |
101 | * True if even one bit is out of mask */ | 95 | * True if even one bit is out of mask */ |
102 | if (info->bitmask & ~EBT_VLAN_MASK) { | 96 | if (info->bitmask & ~EBT_VLAN_MASK) { |
103 | DEBUG_MSG("bitmask %2X is out of mask (%2X)\n", | 97 | pr_debug("bitmask %2X is out of mask (%2X)\n", |
104 | info->bitmask, EBT_VLAN_MASK); | 98 | info->bitmask, EBT_VLAN_MASK); |
105 | return false; | 99 | return -EINVAL; |
106 | } | 100 | } |
107 | 101 | ||
108 | /* Check for inversion flags range */ | 102 | /* Check for inversion flags range */ |
109 | if (info->invflags & ~EBT_VLAN_MASK) { | 103 | if (info->invflags & ~EBT_VLAN_MASK) { |
110 | DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n", | 104 | pr_debug("inversion flags %2X is out of mask (%2X)\n", |
111 | info->invflags, EBT_VLAN_MASK); | 105 | info->invflags, EBT_VLAN_MASK); |
112 | return false; | 106 | return -EINVAL; |
113 | } | 107 | } |
114 | 108 | ||
115 | /* Reserved VLAN ID (VID) values | 109 | /* Reserved VLAN ID (VID) values |
@@ -121,10 +115,9 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) | |||
121 | if (GET_BITMASK(EBT_VLAN_ID)) { | 115 | if (GET_BITMASK(EBT_VLAN_ID)) { |
122 | if (!!info->id) { /* if id!=0 => check vid range */ | 116 | if (!!info->id) { /* if id!=0 => check vid range */ |
123 | if (info->id > VLAN_GROUP_ARRAY_LEN) { | 117 | if (info->id > VLAN_GROUP_ARRAY_LEN) { |
124 | DEBUG_MSG | 118 | pr_debug("id %d is out of range (1-4096)\n", |
125 | ("id %d is out of range (1-4096)\n", | 119 | info->id); |
126 | info->id); | 120 | return -EINVAL; |
127 | return false; | ||
128 | } | 121 | } |
129 | /* Note: This is valid VLAN-tagged frame point. | 122 | /* Note: This is valid VLAN-tagged frame point. |
130 | * Any value of user_priority are acceptable, | 123 | * Any value of user_priority are acceptable, |
@@ -137,9 +130,9 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) | |||
137 | 130 | ||
138 | if (GET_BITMASK(EBT_VLAN_PRIO)) { | 131 | if (GET_BITMASK(EBT_VLAN_PRIO)) { |
139 | if ((unsigned char) info->prio > 7) { | 132 | if ((unsigned char) info->prio > 7) { |
140 | DEBUG_MSG("prio %d is out of range (0-7)\n", | 133 | pr_debug("prio %d is out of range (0-7)\n", |
141 | info->prio); | 134 | info->prio); |
142 | return false; | 135 | return -EINVAL; |
143 | } | 136 | } |
144 | } | 137 | } |
145 | /* Check for encapsulated proto range - it is possible to be | 138 | /* Check for encapsulated proto range - it is possible to be |
@@ -147,14 +140,13 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) | |||
147 | * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */ | 140 | * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */ |
148 | if (GET_BITMASK(EBT_VLAN_ENCAP)) { | 141 | if (GET_BITMASK(EBT_VLAN_ENCAP)) { |
149 | if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) { | 142 | if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) { |
150 | DEBUG_MSG | 143 | pr_debug("encap frame length %d is less than " |
151 | ("encap frame length %d is less than minimal\n", | 144 | "minimal\n", ntohs(info->encap)); |
152 | ntohs(info->encap)); | 145 | return -EINVAL; |
153 | return false; | ||
154 | } | 146 | } |
155 | } | 147 | } |
156 | 148 | ||
157 | return true; | 149 | return 0; |
158 | } | 150 | } |
159 | 151 | ||
160 | static struct xt_match ebt_vlan_mt_reg __read_mostly = { | 152 | static struct xt_match ebt_vlan_mt_reg __read_mostly = { |
@@ -169,9 +161,7 @@ static struct xt_match ebt_vlan_mt_reg __read_mostly = { | |||
169 | 161 | ||
170 | static int __init ebt_vlan_init(void) | 162 | static int __init ebt_vlan_init(void) |
171 | { | 163 | { |
172 | DEBUG_MSG("ebtables 802.1Q extension module v" | 164 | pr_debug("ebtables 802.1Q extension module v" MODULE_VERS "\n"); |
173 | MODULE_VERS "\n"); | ||
174 | DEBUG_MSG("module debug=%d\n", !!debug); | ||
175 | return xt_register_match(&ebt_vlan_mt_reg); | 165 | return xt_register_match(&ebt_vlan_mt_reg); |
176 | } | 166 | } |
177 | 167 | ||
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index f0865fd1e3e..59ca00e40de 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -14,8 +14,7 @@ | |||
14 | * as published by the Free Software Foundation; either version | 14 | * as published by the Free Software Foundation; either version |
15 | * 2 of the License, or (at your option) any later version. | 15 | * 2 of the License, or (at your option) any later version. |
16 | */ | 16 | */ |
17 | 17 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt | |
18 | |||
19 | #include <linux/kmod.h> | 18 | #include <linux/kmod.h> |
20 | #include <linux/module.h> | 19 | #include <linux/module.h> |
21 | #include <linux/vmalloc.h> | 20 | #include <linux/vmalloc.h> |
@@ -87,7 +86,7 @@ static struct xt_target ebt_standard_target = { | |||
87 | 86 | ||
88 | static inline int | 87 | static inline int |
89 | ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, | 88 | ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, |
90 | struct xt_target_param *par) | 89 | struct xt_action_param *par) |
91 | { | 90 | { |
92 | par->target = w->u.watcher; | 91 | par->target = w->u.watcher; |
93 | par->targinfo = w->data; | 92 | par->targinfo = w->data; |
@@ -96,8 +95,9 @@ ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, | |||
96 | return 0; | 95 | return 0; |
97 | } | 96 | } |
98 | 97 | ||
99 | static inline int ebt_do_match (struct ebt_entry_match *m, | 98 | static inline int |
100 | const struct sk_buff *skb, struct xt_match_param *par) | 99 | ebt_do_match(struct ebt_entry_match *m, const struct sk_buff *skb, |
100 | struct xt_action_param *par) | ||
101 | { | 101 | { |
102 | par->match = m->u.match; | 102 | par->match = m->u.match; |
103 | par->matchinfo = m->data; | 103 | par->matchinfo = m->data; |
@@ -186,15 +186,13 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
186 | struct ebt_entries *chaininfo; | 186 | struct ebt_entries *chaininfo; |
187 | const char *base; | 187 | const char *base; |
188 | const struct ebt_table_info *private; | 188 | const struct ebt_table_info *private; |
189 | bool hotdrop = false; | 189 | struct xt_action_param acpar; |
190 | struct xt_match_param mtpar; | ||
191 | struct xt_target_param tgpar; | ||
192 | 190 | ||
193 | mtpar.family = tgpar.family = NFPROTO_BRIDGE; | 191 | acpar.family = NFPROTO_BRIDGE; |
194 | mtpar.in = tgpar.in = in; | 192 | acpar.in = in; |
195 | mtpar.out = tgpar.out = out; | 193 | acpar.out = out; |
196 | mtpar.hotdrop = &hotdrop; | 194 | acpar.hotdrop = false; |
197 | mtpar.hooknum = tgpar.hooknum = hook; | 195 | acpar.hooknum = hook; |
198 | 196 | ||
199 | read_lock_bh(&table->lock); | 197 | read_lock_bh(&table->lock); |
200 | private = table->private; | 198 | private = table->private; |
@@ -215,9 +213,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
215 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) | 213 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) |
216 | goto letscontinue; | 214 | goto letscontinue; |
217 | 215 | ||
218 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0) | 216 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &acpar) != 0) |
219 | goto letscontinue; | 217 | goto letscontinue; |
220 | if (hotdrop) { | 218 | if (acpar.hotdrop) { |
221 | read_unlock_bh(&table->lock); | 219 | read_unlock_bh(&table->lock); |
222 | return NF_DROP; | 220 | return NF_DROP; |
223 | } | 221 | } |
@@ -228,7 +226,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
228 | 226 | ||
229 | /* these should only watch: not modify, nor tell us | 227 | /* these should only watch: not modify, nor tell us |
230 | what to do with the packet */ | 228 | what to do with the packet */ |
231 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar); | 229 | EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &acpar); |
232 | 230 | ||
233 | t = (struct ebt_entry_target *) | 231 | t = (struct ebt_entry_target *) |
234 | (((char *)point) + point->target_offset); | 232 | (((char *)point) + point->target_offset); |
@@ -236,9 +234,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
236 | if (!t->u.target->target) | 234 | if (!t->u.target->target) |
237 | verdict = ((struct ebt_standard_target *)t)->verdict; | 235 | verdict = ((struct ebt_standard_target *)t)->verdict; |
238 | else { | 236 | else { |
239 | tgpar.target = t->u.target; | 237 | acpar.target = t->u.target; |
240 | tgpar.targinfo = t->data; | 238 | acpar.targinfo = t->data; |
241 | verdict = t->u.target->target(skb, &tgpar); | 239 | verdict = t->u.target->target(skb, &acpar); |
242 | } | 240 | } |
243 | if (verdict == EBT_ACCEPT) { | 241 | if (verdict == EBT_ACCEPT) { |
244 | read_unlock_bh(&table->lock); | 242 | read_unlock_bh(&table->lock); |
@@ -363,12 +361,9 @@ ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par, | |||
363 | left - sizeof(struct ebt_entry_match) < m->match_size) | 361 | left - sizeof(struct ebt_entry_match) < m->match_size) |
364 | return -EINVAL; | 362 | return -EINVAL; |
365 | 363 | ||
366 | match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, | 364 | match = xt_request_find_match(NFPROTO_BRIDGE, m->u.name, 0); |
367 | m->u.name, 0), "ebt_%s", m->u.name); | ||
368 | if (IS_ERR(match)) | 365 | if (IS_ERR(match)) |
369 | return PTR_ERR(match); | 366 | return PTR_ERR(match); |
370 | if (match == NULL) | ||
371 | return -ENOENT; | ||
372 | m->u.match = match; | 367 | m->u.match = match; |
373 | 368 | ||
374 | par->match = match; | 369 | par->match = match; |
@@ -397,13 +392,9 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par, | |||
397 | left - sizeof(struct ebt_entry_watcher) < w->watcher_size) | 392 | left - sizeof(struct ebt_entry_watcher) < w->watcher_size) |
398 | return -EINVAL; | 393 | return -EINVAL; |
399 | 394 | ||
400 | watcher = try_then_request_module( | 395 | watcher = xt_request_find_target(NFPROTO_BRIDGE, w->u.name, 0); |
401 | xt_find_target(NFPROTO_BRIDGE, w->u.name, 0), | ||
402 | "ebt_%s", w->u.name); | ||
403 | if (IS_ERR(watcher)) | 396 | if (IS_ERR(watcher)) |
404 | return PTR_ERR(watcher); | 397 | return PTR_ERR(watcher); |
405 | if (watcher == NULL) | ||
406 | return -ENOENT; | ||
407 | w->u.watcher = watcher; | 398 | w->u.watcher = watcher; |
408 | 399 | ||
409 | par->target = watcher; | 400 | par->target = watcher; |
@@ -716,15 +707,10 @@ ebt_check_entry(struct ebt_entry *e, struct net *net, | |||
716 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); | 707 | t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); |
717 | gap = e->next_offset - e->target_offset; | 708 | gap = e->next_offset - e->target_offset; |
718 | 709 | ||
719 | target = try_then_request_module( | 710 | target = xt_request_find_target(NFPROTO_BRIDGE, t->u.name, 0); |
720 | xt_find_target(NFPROTO_BRIDGE, t->u.name, 0), | ||
721 | "ebt_%s", t->u.name); | ||
722 | if (IS_ERR(target)) { | 711 | if (IS_ERR(target)) { |
723 | ret = PTR_ERR(target); | 712 | ret = PTR_ERR(target); |
724 | goto cleanup_watchers; | 713 | goto cleanup_watchers; |
725 | } else if (target == NULL) { | ||
726 | ret = -ENOENT; | ||
727 | goto cleanup_watchers; | ||
728 | } | 714 | } |
729 | 715 | ||
730 | t->u.target = target; | 716 | t->u.target = target; |
@@ -2128,7 +2114,7 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base, | |||
2128 | return ret; | 2114 | return ret; |
2129 | new_offset += ret; | 2115 | new_offset += ret; |
2130 | if (offsets_update && new_offset) { | 2116 | if (offsets_update && new_offset) { |
2131 | pr_debug("ebtables: change offset %d to %d\n", | 2117 | pr_debug("change offset %d to %d\n", |
2132 | offsets_update[i], offsets[j] + new_offset); | 2118 | offsets_update[i], offsets[j] + new_offset); |
2133 | offsets_update[i] = offsets[j] + new_offset; | 2119 | offsets_update[i] = offsets[j] + new_offset; |
2134 | } | 2120 | } |