aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/Kconfig6
-rw-r--r--net/bridge/br.c2
-rw-r--r--net/bridge/br_device.c131
-rw-r--r--net/bridge/br_fdb.c9
-rw-r--r--net/bridge/br_forward.c51
-rw-r--r--net/bridge/br_if.c14
-rw-r--r--net/bridge/br_input.c12
-rw-r--r--net/bridge/br_ioctl.c2
-rw-r--r--net/bridge/br_multicast.c690
-rw-r--r--net/bridge/br_netfilter.c263
-rw-r--r--net/bridge/br_netlink.c8
-rw-r--r--net/bridge/br_notify.c11
-rw-r--r--net/bridge/br_private.h57
-rw-r--r--net/bridge/br_stp.c11
-rw-r--r--net/bridge/br_stp_bpdu.c2
-rw-r--r--net/bridge/br_stp_if.c16
-rw-r--r--net/bridge/br_stp_timer.c24
-rw-r--r--net/bridge/br_sysfs_if.c32
-rw-r--r--net/bridge/netfilter/ebt_802_3.c8
-rw-r--r--net/bridge/netfilter/ebt_among.c27
-rw-r--r--net/bridge/netfilter/ebt_arp.c10
-rw-r--r--net/bridge/netfilter/ebt_arpreply.c10
-rw-r--r--net/bridge/netfilter/ebt_dnat.c12
-rw-r--r--net/bridge/netfilter/ebt_ip.c18
-rw-r--r--net/bridge/netfilter/ebt_ip6.c39
-rw-r--r--net/bridge/netfilter/ebt_limit.c11
-rw-r--r--net/bridge/netfilter/ebt_log.c10
-rw-r--r--net/bridge/netfilter/ebt_mark.c12
-rw-r--r--net/bridge/netfilter/ebt_mark_m.c12
-rw-r--r--net/bridge/netfilter/ebt_nflog.c8
-rw-r--r--net/bridge/netfilter/ebt_pkttype.c8
-rw-r--r--net/bridge/netfilter/ebt_redirect.c12
-rw-r--r--net/bridge/netfilter/ebt_snat.c12
-rw-r--r--net/bridge/netfilter/ebt_stp.c10
-rw-r--r--net/bridge/netfilter/ebt_ulog.c38
-rw-r--r--net/bridge/netfilter/ebt_vlan.c54
-rw-r--r--net/bridge/netfilter/ebtables.c56
37 files changed, 1153 insertions, 555 deletions
diff --git a/net/bridge/Kconfig b/net/bridge/Kconfig
index d115d5cea5b..9190ae462cb 100644
--- a/net/bridge/Kconfig
+++ b/net/bridge/Kconfig
@@ -33,14 +33,14 @@ config BRIDGE
33 If unsure, say N. 33 If unsure, say N.
34 34
35config BRIDGE_IGMP_SNOOPING 35config BRIDGE_IGMP_SNOOPING
36 bool "IGMP snooping" 36 bool "IGMP/MLD snooping"
37 depends on BRIDGE 37 depends on BRIDGE
38 depends on INET 38 depends on INET
39 default y 39 default y
40 ---help--- 40 ---help---
41 If you say Y here, then the Ethernet bridge will be able selectively 41 If you say Y here, then the Ethernet bridge will be able selectively
42 forward multicast traffic based on IGMP traffic received from each 42 forward multicast traffic based on IGMP/MLD traffic received from
43 port. 43 each port.
44 44
45 Say N to exclude this support and reduce the binary size. 45 Say N to exclude this support and reduce the binary size.
46 46
diff --git a/net/bridge/br.c b/net/bridge/br.c
index e1241c76239..76357b54775 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -38,7 +38,7 @@ static int __init br_init(void)
38 38
39 err = stp_proto_register(&br_stp_proto); 39 err = stp_proto_register(&br_stp_proto);
40 if (err < 0) { 40 if (err < 0) {
41 printk(KERN_ERR "bridge: can't register sap for STP\n"); 41 pr_err("bridge: can't register sap for STP\n");
42 return err; 42 return err;
43 } 43 }
44 44
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 90a9024e5c1..eedf2c94820 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -13,8 +13,11 @@
13 13
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/netdevice.h> 15#include <linux/netdevice.h>
16#include <linux/netpoll.h>
16#include <linux/etherdevice.h> 17#include <linux/etherdevice.h>
17#include <linux/ethtool.h> 18#include <linux/ethtool.h>
19#include <linux/list.h>
20#include <linux/netfilter_bridge.h>
18 21
19#include <asm/uaccess.h> 22#include <asm/uaccess.h>
20#include "br_private.h" 23#include "br_private.h"
@@ -26,16 +29,24 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
26 const unsigned char *dest = skb->data; 29 const unsigned char *dest = skb->data;
27 struct net_bridge_fdb_entry *dst; 30 struct net_bridge_fdb_entry *dst;
28 struct net_bridge_mdb_entry *mdst; 31 struct net_bridge_mdb_entry *mdst;
32 struct br_cpu_netstats *brstats = this_cpu_ptr(br->stats);
29 33
30 BR_INPUT_SKB_CB(skb)->brdev = dev; 34#ifdef CONFIG_BRIDGE_NETFILTER
35 if (skb->nf_bridge && (skb->nf_bridge->mask & BRNF_BRIDGED_DNAT)) {
36 br_nf_pre_routing_finish_bridge_slow(skb);
37 return NETDEV_TX_OK;
38 }
39#endif
31 40
32 dev->stats.tx_packets++; 41 brstats->tx_packets++;
33 dev->stats.tx_bytes += skb->len; 42 brstats->tx_bytes += skb->len;
43
44 BR_INPUT_SKB_CB(skb)->brdev = dev;
34 45
35 skb_reset_mac_header(skb); 46 skb_reset_mac_header(skb);
36 skb_pull(skb, ETH_HLEN); 47 skb_pull(skb, ETH_HLEN);
37 48
38 if (dest[0] & 1) { 49 if (is_multicast_ether_addr(dest)) {
39 if (br_multicast_rcv(br, NULL, skb)) 50 if (br_multicast_rcv(br, NULL, skb))
40 goto out; 51 goto out;
41 52
@@ -81,6 +92,31 @@ static int br_dev_stop(struct net_device *dev)
81 return 0; 92 return 0;
82} 93}
83 94
95static struct net_device_stats *br_get_stats(struct net_device *dev)
96{
97 struct net_bridge *br = netdev_priv(dev);
98 struct net_device_stats *stats = &dev->stats;
99 struct br_cpu_netstats sum = { 0 };
100 unsigned int cpu;
101
102 for_each_possible_cpu(cpu) {
103 const struct br_cpu_netstats *bstats
104 = per_cpu_ptr(br->stats, cpu);
105
106 sum.tx_bytes += bstats->tx_bytes;
107 sum.tx_packets += bstats->tx_packets;
108 sum.rx_bytes += bstats->rx_bytes;
109 sum.rx_packets += bstats->rx_packets;
110 }
111
112 stats->tx_bytes = sum.tx_bytes;
113 stats->tx_packets = sum.tx_packets;
114 stats->rx_bytes = sum.rx_bytes;
115 stats->rx_packets = sum.rx_packets;
116
117 return stats;
118}
119
84static int br_change_mtu(struct net_device *dev, int new_mtu) 120static int br_change_mtu(struct net_device *dev, int new_mtu)
85{ 121{
86 struct net_bridge *br = netdev_priv(dev); 122 struct net_bridge *br = netdev_priv(dev);
@@ -162,6 +198,78 @@ static int br_set_tx_csum(struct net_device *dev, u32 data)
162 return 0; 198 return 0;
163} 199}
164 200
201#ifdef CONFIG_NET_POLL_CONTROLLER
202static bool br_devices_support_netpoll(struct net_bridge *br)
203{
204 struct net_bridge_port *p;
205 bool ret = true;
206 int count = 0;
207 unsigned long flags;
208
209 spin_lock_irqsave(&br->lock, flags);
210 list_for_each_entry(p, &br->port_list, list) {
211 count++;
212 if ((p->dev->priv_flags & IFF_DISABLE_NETPOLL) ||
213 !p->dev->netdev_ops->ndo_poll_controller)
214 ret = false;
215 }
216 spin_unlock_irqrestore(&br->lock, flags);
217 return count != 0 && ret;
218}
219
220static void br_poll_controller(struct net_device *br_dev)
221{
222 struct netpoll *np = br_dev->npinfo->netpoll;
223
224 if (np->real_dev != br_dev)
225 netpoll_poll_dev(np->real_dev);
226}
227
228void br_netpoll_cleanup(struct net_device *dev)
229{
230 struct net_bridge *br = netdev_priv(dev);
231 struct net_bridge_port *p, *n;
232 const struct net_device_ops *ops;
233
234 br->dev->npinfo = NULL;
235 list_for_each_entry_safe(p, n, &br->port_list, list) {
236 if (p->dev) {
237 ops = p->dev->netdev_ops;
238 if (ops->ndo_netpoll_cleanup)
239 ops->ndo_netpoll_cleanup(p->dev);
240 else
241 p->dev->npinfo = NULL;
242 }
243 }
244}
245
246void br_netpoll_disable(struct net_bridge *br,
247 struct net_device *dev)
248{
249 if (br_devices_support_netpoll(br))
250 br->dev->priv_flags &= ~IFF_DISABLE_NETPOLL;
251 if (dev->netdev_ops->ndo_netpoll_cleanup)
252 dev->netdev_ops->ndo_netpoll_cleanup(dev);
253 else
254 dev->npinfo = NULL;
255}
256
257void br_netpoll_enable(struct net_bridge *br,
258 struct net_device *dev)
259{
260 if (br_devices_support_netpoll(br)) {
261 br->dev->priv_flags &= ~IFF_DISABLE_NETPOLL;
262 if (br->dev->npinfo)
263 dev->npinfo = br->dev->npinfo;
264 } else if (!(br->dev->priv_flags & IFF_DISABLE_NETPOLL)) {
265 br->dev->priv_flags |= IFF_DISABLE_NETPOLL;
266 br_info(br,"new device %s does not support netpoll (disabling)",
267 dev->name);
268 }
269}
270
271#endif
272
165static const struct ethtool_ops br_ethtool_ops = { 273static const struct ethtool_ops br_ethtool_ops = {
166 .get_drvinfo = br_getinfo, 274 .get_drvinfo = br_getinfo,
167 .get_link = ethtool_op_get_link, 275 .get_link = ethtool_op_get_link,
@@ -180,19 +288,32 @@ static const struct net_device_ops br_netdev_ops = {
180 .ndo_open = br_dev_open, 288 .ndo_open = br_dev_open,
181 .ndo_stop = br_dev_stop, 289 .ndo_stop = br_dev_stop,
182 .ndo_start_xmit = br_dev_xmit, 290 .ndo_start_xmit = br_dev_xmit,
291 .ndo_get_stats = br_get_stats,
183 .ndo_set_mac_address = br_set_mac_address, 292 .ndo_set_mac_address = br_set_mac_address,
184 .ndo_set_multicast_list = br_dev_set_multicast_list, 293 .ndo_set_multicast_list = br_dev_set_multicast_list,
185 .ndo_change_mtu = br_change_mtu, 294 .ndo_change_mtu = br_change_mtu,
186 .ndo_do_ioctl = br_dev_ioctl, 295 .ndo_do_ioctl = br_dev_ioctl,
296#ifdef CONFIG_NET_POLL_CONTROLLER
297 .ndo_netpoll_cleanup = br_netpoll_cleanup,
298 .ndo_poll_controller = br_poll_controller,
299#endif
187}; 300};
188 301
302static void br_dev_free(struct net_device *dev)
303{
304 struct net_bridge *br = netdev_priv(dev);
305
306 free_percpu(br->stats);
307 free_netdev(dev);
308}
309
189void br_dev_setup(struct net_device *dev) 310void br_dev_setup(struct net_device *dev)
190{ 311{
191 random_ether_addr(dev->dev_addr); 312 random_ether_addr(dev->dev_addr);
192 ether_setup(dev); 313 ether_setup(dev);
193 314
194 dev->netdev_ops = &br_netdev_ops; 315 dev->netdev_ops = &br_netdev_ops;
195 dev->destructor = free_netdev; 316 dev->destructor = br_dev_free;
196 SET_ETHTOOL_OPS(dev, &br_ethtool_ops); 317 SET_ETHTOOL_OPS(dev, &br_ethtool_ops);
197 dev->tx_queue_len = 0; 318 dev->tx_queue_len = 0;
198 dev->priv_flags = IFF_EBRIDGE; 319 dev->priv_flags = IFF_EBRIDGE;
diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
index 9101a4e5620..26637439965 100644
--- a/net/bridge/br_fdb.c
+++ b/net/bridge/br_fdb.c
@@ -353,8 +353,7 @@ static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source,
353 */ 353 */
354 if (fdb->is_local) 354 if (fdb->is_local)
355 return 0; 355 return 0;
356 356 br_warn(br, "adding interface %s with same address "
357 printk(KERN_WARNING "%s adding interface with same address "
358 "as a received packet\n", 357 "as a received packet\n",
359 source->dev->name); 358 source->dev->name);
360 fdb_delete(fdb); 359 fdb_delete(fdb);
@@ -397,9 +396,9 @@ void br_fdb_update(struct net_bridge *br, struct net_bridge_port *source,
397 /* attempt to update an entry for a local interface */ 396 /* attempt to update an entry for a local interface */
398 if (unlikely(fdb->is_local)) { 397 if (unlikely(fdb->is_local)) {
399 if (net_ratelimit()) 398 if (net_ratelimit())
400 printk(KERN_WARNING "%s: received packet with " 399 br_warn(br, "received packet on %s with "
401 "own address as source address\n", 400 "own address as source address\n",
402 source->dev->name); 401 source->dev->name);
403 } else { 402 } else {
404 /* fastpath: update of existing entry */ 403 /* fastpath: update of existing entry */
405 fdb->dst = source; 404 fdb->dst = source;
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 7a241c39698..a98ef139309 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -15,6 +15,7 @@
15#include <linux/slab.h> 15#include <linux/slab.h>
16#include <linux/kernel.h> 16#include <linux/kernel.h>
17#include <linux/netdevice.h> 17#include <linux/netdevice.h>
18#include <linux/netpoll.h>
18#include <linux/skbuff.h> 19#include <linux/skbuff.h>
19#include <linux/if_vlan.h> 20#include <linux/if_vlan.h>
20#include <linux/netfilter_bridge.h> 21#include <linux/netfilter_bridge.h>
@@ -44,13 +45,19 @@ int br_dev_queue_push_xmit(struct sk_buff *skb)
44 if (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb)) 45 if (packet_length(skb) > skb->dev->mtu && !skb_is_gso(skb))
45 kfree_skb(skb); 46 kfree_skb(skb);
46 else { 47 else {
47 /* ip_refrag calls ip_fragment, doesn't copy the MAC header. */ 48 /* ip_fragment doesn't copy the MAC header */
48 if (nf_bridge_maybe_copy_header(skb)) 49 if (nf_bridge_maybe_copy_header(skb))
49 kfree_skb(skb); 50 kfree_skb(skb);
50 else { 51 else {
51 skb_push(skb, ETH_HLEN); 52 skb_push(skb, ETH_HLEN);
52 53
53 dev_queue_xmit(skb); 54#ifdef CONFIG_NET_POLL_CONTROLLER
55 if (unlikely(skb->dev->priv_flags & IFF_IN_NETPOLL)) {
56 netpoll_send_skb(skb->dev->npinfo->netpoll, skb);
57 skb->dev->priv_flags &= ~IFF_IN_NETPOLL;
58 } else
59#endif
60 dev_queue_xmit(skb);
54 } 61 }
55 } 62 }
56 63
@@ -59,16 +66,30 @@ int br_dev_queue_push_xmit(struct sk_buff *skb)
59 66
60int br_forward_finish(struct sk_buff *skb) 67int br_forward_finish(struct sk_buff *skb)
61{ 68{
62 return NF_HOOK(PF_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 69 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev,
63 br_dev_queue_push_xmit); 70 br_dev_queue_push_xmit);
64 71
65} 72}
66 73
67static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb) 74static void __br_deliver(const struct net_bridge_port *to, struct sk_buff *skb)
68{ 75{
76#ifdef CONFIG_NET_POLL_CONTROLLER
77 struct net_bridge *br = to->br;
78 if (unlikely(br->dev->priv_flags & IFF_IN_NETPOLL)) {
79 struct netpoll *np;
80 to->dev->npinfo = skb->dev->npinfo;
81 np = skb->dev->npinfo->netpoll;
82 np->real_dev = np->dev = to->dev;
83 to->dev->priv_flags |= IFF_IN_NETPOLL;
84 }
85#endif
69 skb->dev = to->dev; 86 skb->dev = to->dev;
70 NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 87 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
71 br_forward_finish); 88 br_forward_finish);
89#ifdef CONFIG_NET_POLL_CONTROLLER
90 if (skb->dev->npinfo)
91 skb->dev->npinfo->netpoll->dev = br->dev;
92#endif
72} 93}
73 94
74static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb) 95static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
@@ -84,8 +105,8 @@ static void __br_forward(const struct net_bridge_port *to, struct sk_buff *skb)
84 skb->dev = to->dev; 105 skb->dev = to->dev;
85 skb_forward_csum(skb); 106 skb_forward_csum(skb);
86 107
87 NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 108 NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev,
88 br_forward_finish); 109 br_forward_finish);
89} 110}
90 111
91/* called with rcu_read_lock */ 112/* called with rcu_read_lock */
@@ -208,17 +229,15 @@ static void br_multicast_flood(struct net_bridge_mdb_entry *mdst,
208{ 229{
209 struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev; 230 struct net_device *dev = BR_INPUT_SKB_CB(skb)->brdev;
210 struct net_bridge *br = netdev_priv(dev); 231 struct net_bridge *br = netdev_priv(dev);
211 struct net_bridge_port *port; 232 struct net_bridge_port *prev = NULL;
212 struct net_bridge_port *lport, *rport;
213 struct net_bridge_port *prev;
214 struct net_bridge_port_group *p; 233 struct net_bridge_port_group *p;
215 struct hlist_node *rp; 234 struct hlist_node *rp;
216 235
217 prev = NULL; 236 rp = rcu_dereference(br->router_list.first);
218 237 p = mdst ? rcu_dereference(mdst->ports) : NULL;
219 rp = br->router_list.first;
220 p = mdst ? mdst->ports : NULL;
221 while (p || rp) { 238 while (p || rp) {
239 struct net_bridge_port *port, *lport, *rport;
240
222 lport = p ? p->port : NULL; 241 lport = p ? p->port : NULL;
223 rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) : 242 rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) :
224 NULL; 243 NULL;
@@ -231,9 +250,9 @@ static void br_multicast_flood(struct net_bridge_mdb_entry *mdst,
231 goto out; 250 goto out;
232 251
233 if ((unsigned long)lport >= (unsigned long)port) 252 if ((unsigned long)lport >= (unsigned long)port)
234 p = p->next; 253 p = rcu_dereference(p->next);
235 if ((unsigned long)rport >= (unsigned long)port) 254 if ((unsigned long)rport >= (unsigned long)port)
236 rp = rp->next; 255 rp = rcu_dereference(rp->next);
237 } 256 }
238 257
239 if (!prev) 258 if (!prev)
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 0b6b1f2ff7a..18b245e2c00 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -13,6 +13,7 @@
13 13
14#include <linux/kernel.h> 14#include <linux/kernel.h>
15#include <linux/netdevice.h> 15#include <linux/netdevice.h>
16#include <linux/netpoll.h>
16#include <linux/ethtool.h> 17#include <linux/ethtool.h>
17#include <linux/if_arp.h> 18#include <linux/if_arp.h>
18#include <linux/module.h> 19#include <linux/module.h>
@@ -132,7 +133,7 @@ static void del_nbp(struct net_bridge_port *p)
132 struct net_bridge *br = p->br; 133 struct net_bridge *br = p->br;
133 struct net_device *dev = p->dev; 134 struct net_device *dev = p->dev;
134 135
135 sysfs_remove_link(br->ifobj, dev->name); 136 sysfs_remove_link(br->ifobj, p->dev->name);
136 137
137 dev_set_promiscuity(dev, -1); 138 dev_set_promiscuity(dev, -1);
138 139
@@ -153,6 +154,7 @@ static void del_nbp(struct net_bridge_port *p)
153 kobject_uevent(&p->kobj, KOBJ_REMOVE); 154 kobject_uevent(&p->kobj, KOBJ_REMOVE);
154 kobject_del(&p->kobj); 155 kobject_del(&p->kobj);
155 156
157 br_netpoll_disable(br, dev);
156 call_rcu(&p->rcu, destroy_nbp_rcu); 158 call_rcu(&p->rcu, destroy_nbp_rcu);
157} 159}
158 160
@@ -165,6 +167,8 @@ static void del_br(struct net_bridge *br, struct list_head *head)
165 del_nbp(p); 167 del_nbp(p);
166 } 168 }
167 169
170 br_netpoll_cleanup(br->dev);
171
168 del_timer_sync(&br->gc_timer); 172 del_timer_sync(&br->gc_timer);
169 173
170 br_sysfs_delbr(br->dev); 174 br_sysfs_delbr(br->dev);
@@ -186,6 +190,12 @@ static struct net_device *new_bridge_dev(struct net *net, const char *name)
186 br = netdev_priv(dev); 190 br = netdev_priv(dev);
187 br->dev = dev; 191 br->dev = dev;
188 192
193 br->stats = alloc_percpu(struct br_cpu_netstats);
194 if (!br->stats) {
195 free_netdev(dev);
196 return NULL;
197 }
198
189 spin_lock_init(&br->lock); 199 spin_lock_init(&br->lock);
190 INIT_LIST_HEAD(&br->port_list); 200 INIT_LIST_HEAD(&br->port_list);
191 spin_lock_init(&br->hash_lock); 201 spin_lock_init(&br->hash_lock);
@@ -438,6 +448,8 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
438 448
439 kobject_uevent(&p->kobj, KOBJ_ADD); 449 kobject_uevent(&p->kobj, KOBJ_ADD);
440 450
451 br_netpoll_enable(br, dev);
452
441 return 0; 453 return 0;
442err2: 454err2:
443 br_fdb_delete_by_port(br, p, 1); 455 br_fdb_delete_by_port(br, p, 1);
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index a82dde2d2ea..d36e700f7a2 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -24,14 +24,16 @@ const u8 br_group_address[ETH_ALEN] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
24static int br_pass_frame_up(struct sk_buff *skb) 24static int br_pass_frame_up(struct sk_buff *skb)
25{ 25{
26 struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev; 26 struct net_device *indev, *brdev = BR_INPUT_SKB_CB(skb)->brdev;
27 struct net_bridge *br = netdev_priv(brdev);
28 struct br_cpu_netstats *brstats = this_cpu_ptr(br->stats);
27 29
28 brdev->stats.rx_packets++; 30 brstats->rx_packets++;
29 brdev->stats.rx_bytes += skb->len; 31 brstats->rx_bytes += skb->len;
30 32
31 indev = skb->dev; 33 indev = skb->dev;
32 skb->dev = brdev; 34 skb->dev = brdev;
33 35
34 return NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, 36 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL,
35 netif_receive_skb); 37 netif_receive_skb);
36} 38}
37 39
@@ -154,7 +156,7 @@ struct sk_buff *br_handle_frame(struct net_bridge_port *p, struct sk_buff *skb)
154 if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0) 156 if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0)
155 goto forward; 157 goto forward;
156 158
157 if (NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 159 if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
158 NULL, br_handle_local_finish)) 160 NULL, br_handle_local_finish))
159 return NULL; /* frame consumed by filter */ 161 return NULL; /* frame consumed by filter */
160 else 162 else
@@ -175,7 +177,7 @@ forward:
175 if (!compare_ether_addr(p->br->dev->dev_addr, dest)) 177 if (!compare_ether_addr(p->br->dev->dev_addr, dest))
176 skb->pkt_type = PACKET_HOST; 178 skb->pkt_type = PACKET_HOST;
177 179
178 NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 180 NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
179 br_handle_frame_finish); 181 br_handle_frame_finish);
180 break; 182 break;
181 default: 183 default:
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
index 995afc4b04d..cb43312b846 100644
--- a/net/bridge/br_ioctl.c
+++ b/net/bridge/br_ioctl.c
@@ -412,6 +412,6 @@ int br_dev_ioctl(struct net_device *dev, struct ifreq *rq, int cmd)
412 412
413 } 413 }
414 414
415 pr_debug("Bridge does not support ioctl 0x%x\n", cmd); 415 br_debug(br, "Bridge does not support ioctl 0x%x\n", cmd);
416 return -EOPNOTSUPP; 416 return -EOPNOTSUPP;
417} 417}
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index eaa0e1bae49..9d21d98ae5f 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -24,51 +24,139 @@
24#include <linux/slab.h> 24#include <linux/slab.h>
25#include <linux/timer.h> 25#include <linux/timer.h>
26#include <net/ip.h> 26#include <net/ip.h>
27#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
28#include <net/ipv6.h>
29#include <net/mld.h>
30#include <net/addrconf.h>
31#include <net/ip6_checksum.h>
32#endif
27 33
28#include "br_private.h" 34#include "br_private.h"
29 35
30static inline int br_ip_hash(struct net_bridge_mdb_htable *mdb, __be32 ip) 36#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
37static inline int ipv6_is_local_multicast(const struct in6_addr *addr)
31{ 38{
32 return jhash_1word(mdb->secret, (u32)ip) & (mdb->max - 1); 39 if (ipv6_addr_is_multicast(addr) &&
40 IPV6_ADDR_MC_SCOPE(addr) <= IPV6_ADDR_SCOPE_LINKLOCAL)
41 return 1;
42 return 0;
43}
44#endif
45
46static inline int br_ip_equal(const struct br_ip *a, const struct br_ip *b)
47{
48 if (a->proto != b->proto)
49 return 0;
50 switch (a->proto) {
51 case htons(ETH_P_IP):
52 return a->u.ip4 == b->u.ip4;
53#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
54 case htons(ETH_P_IPV6):
55 return ipv6_addr_equal(&a->u.ip6, &b->u.ip6);
56#endif
57 }
58 return 0;
59}
60
61static inline int __br_ip4_hash(struct net_bridge_mdb_htable *mdb, __be32 ip)
62{
63 return jhash_1word(mdb->secret, (__force u32)ip) & (mdb->max - 1);
64}
65
66#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
67static inline int __br_ip6_hash(struct net_bridge_mdb_htable *mdb,
68 const struct in6_addr *ip)
69{
70 return jhash2((__force u32 *)ip->s6_addr32, 4, mdb->secret) & (mdb->max - 1);
71}
72#endif
73
74static inline int br_ip_hash(struct net_bridge_mdb_htable *mdb,
75 struct br_ip *ip)
76{
77 switch (ip->proto) {
78 case htons(ETH_P_IP):
79 return __br_ip4_hash(mdb, ip->u.ip4);
80#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
81 case htons(ETH_P_IPV6):
82 return __br_ip6_hash(mdb, &ip->u.ip6);
83#endif
84 }
85 return 0;
33} 86}
34 87
35static struct net_bridge_mdb_entry *__br_mdb_ip_get( 88static struct net_bridge_mdb_entry *__br_mdb_ip_get(
36 struct net_bridge_mdb_htable *mdb, __be32 dst, int hash) 89 struct net_bridge_mdb_htable *mdb, struct br_ip *dst, int hash)
37{ 90{
38 struct net_bridge_mdb_entry *mp; 91 struct net_bridge_mdb_entry *mp;
39 struct hlist_node *p; 92 struct hlist_node *p;
40 93
41 hlist_for_each_entry_rcu(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) { 94 hlist_for_each_entry_rcu(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) {
42 if (dst == mp->addr) 95 if (br_ip_equal(&mp->addr, dst))
43 return mp; 96 return mp;
44 } 97 }
45 98
46 return NULL; 99 return NULL;
47} 100}
48 101
49static struct net_bridge_mdb_entry *br_mdb_ip_get( 102static struct net_bridge_mdb_entry *br_mdb_ip4_get(
50 struct net_bridge_mdb_htable *mdb, __be32 dst) 103 struct net_bridge_mdb_htable *mdb, __be32 dst)
51{ 104{
52 if (!mdb) 105 struct br_ip br_dst;
53 return NULL; 106
107 br_dst.u.ip4 = dst;
108 br_dst.proto = htons(ETH_P_IP);
109
110 return __br_mdb_ip_get(mdb, &br_dst, __br_ip4_hash(mdb, dst));
111}
112
113#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
114static struct net_bridge_mdb_entry *br_mdb_ip6_get(
115 struct net_bridge_mdb_htable *mdb, const struct in6_addr *dst)
116{
117 struct br_ip br_dst;
118
119 ipv6_addr_copy(&br_dst.u.ip6, dst);
120 br_dst.proto = htons(ETH_P_IPV6);
54 121
122 return __br_mdb_ip_get(mdb, &br_dst, __br_ip6_hash(mdb, dst));
123}
124#endif
125
126static struct net_bridge_mdb_entry *br_mdb_ip_get(
127 struct net_bridge_mdb_htable *mdb, struct br_ip *dst)
128{
55 return __br_mdb_ip_get(mdb, dst, br_ip_hash(mdb, dst)); 129 return __br_mdb_ip_get(mdb, dst, br_ip_hash(mdb, dst));
56} 130}
57 131
58struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br, 132struct net_bridge_mdb_entry *br_mdb_get(struct net_bridge *br,
59 struct sk_buff *skb) 133 struct sk_buff *skb)
60{ 134{
61 if (br->multicast_disabled) 135 struct net_bridge_mdb_htable *mdb = br->mdb;
136 struct br_ip ip;
137
138 if (!mdb || br->multicast_disabled)
62 return NULL; 139 return NULL;
63 140
141 if (BR_INPUT_SKB_CB(skb)->igmp)
142 return NULL;
143
144 ip.proto = skb->protocol;
145
64 switch (skb->protocol) { 146 switch (skb->protocol) {
65 case htons(ETH_P_IP): 147 case htons(ETH_P_IP):
66 if (BR_INPUT_SKB_CB(skb)->igmp) 148 ip.u.ip4 = ip_hdr(skb)->daddr;
67 break; 149 break;
68 return br_mdb_ip_get(br->mdb, ip_hdr(skb)->daddr); 150#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
151 case htons(ETH_P_IPV6):
152 ipv6_addr_copy(&ip.u.ip6, &ipv6_hdr(skb)->daddr);
153 break;
154#endif
155 default:
156 return NULL;
69 } 157 }
70 158
71 return NULL; 159 return br_mdb_ip_get(mdb, &ip);
72} 160}
73 161
74static void br_mdb_free(struct rcu_head *head) 162static void br_mdb_free(struct rcu_head *head)
@@ -95,7 +183,7 @@ static int br_mdb_copy(struct net_bridge_mdb_htable *new,
95 for (i = 0; i < old->max; i++) 183 for (i = 0; i < old->max; i++)
96 hlist_for_each_entry(mp, p, &old->mhash[i], hlist[old->ver]) 184 hlist_for_each_entry(mp, p, &old->mhash[i], hlist[old->ver])
97 hlist_add_head(&mp->hlist[new->ver], 185 hlist_add_head(&mp->hlist[new->ver],
98 &new->mhash[br_ip_hash(new, mp->addr)]); 186 &new->mhash[br_ip_hash(new, &mp->addr)]);
99 187
100 if (!elasticity) 188 if (!elasticity)
101 return 0; 189 return 0;
@@ -163,7 +251,7 @@ static void br_multicast_del_pg(struct net_bridge *br,
163 struct net_bridge_port_group *p; 251 struct net_bridge_port_group *p;
164 struct net_bridge_port_group **pp; 252 struct net_bridge_port_group **pp;
165 253
166 mp = br_mdb_ip_get(mdb, pg->addr); 254 mp = br_mdb_ip_get(mdb, &pg->addr);
167 if (WARN_ON(!mp)) 255 if (WARN_ON(!mp))
168 return; 256 return;
169 257
@@ -171,7 +259,7 @@ static void br_multicast_del_pg(struct net_bridge *br,
171 if (p != pg) 259 if (p != pg)
172 continue; 260 continue;
173 261
174 *pp = p->next; 262 rcu_assign_pointer(*pp, p->next);
175 hlist_del_init(&p->mglist); 263 hlist_del_init(&p->mglist);
176 del_timer(&p->timer); 264 del_timer(&p->timer);
177 del_timer(&p->query_timer); 265 del_timer(&p->query_timer);
@@ -249,8 +337,8 @@ out:
249 return 0; 337 return 0;
250} 338}
251 339
252static struct sk_buff *br_multicast_alloc_query(struct net_bridge *br, 340static struct sk_buff *br_ip4_multicast_alloc_query(struct net_bridge *br,
253 __be32 group) 341 __be32 group)
254{ 342{
255 struct sk_buff *skb; 343 struct sk_buff *skb;
256 struct igmphdr *ih; 344 struct igmphdr *ih;
@@ -314,12 +402,104 @@ out:
314 return skb; 402 return skb;
315} 403}
316 404
405#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
406static struct sk_buff *br_ip6_multicast_alloc_query(struct net_bridge *br,
407 struct in6_addr *group)
408{
409 struct sk_buff *skb;
410 struct ipv6hdr *ip6h;
411 struct mld_msg *mldq;
412 struct ethhdr *eth;
413 u8 *hopopt;
414 unsigned long interval;
415
416 skb = netdev_alloc_skb_ip_align(br->dev, sizeof(*eth) + sizeof(*ip6h) +
417 8 + sizeof(*mldq));
418 if (!skb)
419 goto out;
420
421 skb->protocol = htons(ETH_P_IPV6);
422
423 /* Ethernet header */
424 skb_reset_mac_header(skb);
425 eth = eth_hdr(skb);
426
427 memcpy(eth->h_source, br->dev->dev_addr, 6);
428 ipv6_eth_mc_map(group, eth->h_dest);
429 eth->h_proto = htons(ETH_P_IPV6);
430 skb_put(skb, sizeof(*eth));
431
432 /* IPv6 header + HbH option */
433 skb_set_network_header(skb, skb->len);
434 ip6h = ipv6_hdr(skb);
435
436 *(__force __be32 *)ip6h = htonl(0x60000000);
437 ip6h->payload_len = 8 + sizeof(*mldq);
438 ip6h->nexthdr = IPPROTO_HOPOPTS;
439 ip6h->hop_limit = 1;
440 ipv6_addr_set(&ip6h->saddr, 0, 0, 0, 0);
441 ipv6_addr_set(&ip6h->daddr, htonl(0xff020000), 0, 0, htonl(1));
442
443 hopopt = (u8 *)(ip6h + 1);
444 hopopt[0] = IPPROTO_ICMPV6; /* next hdr */
445 hopopt[1] = 0; /* length of HbH */
446 hopopt[2] = IPV6_TLV_ROUTERALERT; /* Router Alert */
447 hopopt[3] = 2; /* Length of RA Option */
448 hopopt[4] = 0; /* Type = 0x0000 (MLD) */
449 hopopt[5] = 0;
450 hopopt[6] = IPV6_TLV_PAD0; /* Pad0 */
451 hopopt[7] = IPV6_TLV_PAD0; /* Pad0 */
452
453 skb_put(skb, sizeof(*ip6h) + 8);
454
455 /* ICMPv6 */
456 skb_set_transport_header(skb, skb->len);
457 mldq = (struct mld_msg *) icmp6_hdr(skb);
458
459 interval = ipv6_addr_any(group) ? br->multicast_last_member_interval :
460 br->multicast_query_response_interval;
461
462 mldq->mld_type = ICMPV6_MGM_QUERY;
463 mldq->mld_code = 0;
464 mldq->mld_cksum = 0;
465 mldq->mld_maxdelay = htons((u16)jiffies_to_msecs(interval));
466 mldq->mld_reserved = 0;
467 ipv6_addr_copy(&mldq->mld_mca, group);
468
469 /* checksum */
470 mldq->mld_cksum = csum_ipv6_magic(&ip6h->saddr, &ip6h->daddr,
471 sizeof(*mldq), IPPROTO_ICMPV6,
472 csum_partial(mldq,
473 sizeof(*mldq), 0));
474 skb_put(skb, sizeof(*mldq));
475
476 __skb_pull(skb, sizeof(*eth));
477
478out:
479 return skb;
480}
481#endif
482
483static struct sk_buff *br_multicast_alloc_query(struct net_bridge *br,
484 struct br_ip *addr)
485{
486 switch (addr->proto) {
487 case htons(ETH_P_IP):
488 return br_ip4_multicast_alloc_query(br, addr->u.ip4);
489#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
490 case htons(ETH_P_IPV6):
491 return br_ip6_multicast_alloc_query(br, &addr->u.ip6);
492#endif
493 }
494 return NULL;
495}
496
317static void br_multicast_send_group_query(struct net_bridge_mdb_entry *mp) 497static void br_multicast_send_group_query(struct net_bridge_mdb_entry *mp)
318{ 498{
319 struct net_bridge *br = mp->br; 499 struct net_bridge *br = mp->br;
320 struct sk_buff *skb; 500 struct sk_buff *skb;
321 501
322 skb = br_multicast_alloc_query(br, mp->addr); 502 skb = br_multicast_alloc_query(br, &mp->addr);
323 if (!skb) 503 if (!skb)
324 goto timer; 504 goto timer;
325 505
@@ -353,7 +533,7 @@ static void br_multicast_send_port_group_query(struct net_bridge_port_group *pg)
353 struct net_bridge *br = port->br; 533 struct net_bridge *br = port->br;
354 struct sk_buff *skb; 534 struct sk_buff *skb;
355 535
356 skb = br_multicast_alloc_query(br, pg->addr); 536 skb = br_multicast_alloc_query(br, &pg->addr);
357 if (!skb) 537 if (!skb)
358 goto timer; 538 goto timer;
359 539
@@ -383,8 +563,8 @@ out:
383} 563}
384 564
385static struct net_bridge_mdb_entry *br_multicast_get_group( 565static struct net_bridge_mdb_entry *br_multicast_get_group(
386 struct net_bridge *br, struct net_bridge_port *port, __be32 group, 566 struct net_bridge *br, struct net_bridge_port *port,
387 int hash) 567 struct br_ip *group, int hash)
388{ 568{
389 struct net_bridge_mdb_htable *mdb = br->mdb; 569 struct net_bridge_mdb_htable *mdb = br->mdb;
390 struct net_bridge_mdb_entry *mp; 570 struct net_bridge_mdb_entry *mp;
@@ -396,9 +576,8 @@ static struct net_bridge_mdb_entry *br_multicast_get_group(
396 576
397 hlist_for_each_entry(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) { 577 hlist_for_each_entry(mp, p, &mdb->mhash[hash], hlist[mdb->ver]) {
398 count++; 578 count++;
399 if (unlikely(group == mp->addr)) { 579 if (unlikely(br_ip_equal(group, &mp->addr)))
400 return mp; 580 return mp;
401 }
402 } 581 }
403 582
404 elasticity = 0; 583 elasticity = 0;
@@ -406,10 +585,9 @@ static struct net_bridge_mdb_entry *br_multicast_get_group(
406 585
407 if (unlikely(count > br->hash_elasticity && count)) { 586 if (unlikely(count > br->hash_elasticity && count)) {
408 if (net_ratelimit()) 587 if (net_ratelimit())
409 printk(KERN_INFO "%s: Multicast hash table " 588 br_info(br, "Multicast hash table "
410 "chain limit reached: %s\n", 589 "chain limit reached: %s\n",
411 br->dev->name, port ? port->dev->name : 590 port ? port->dev->name : br->dev->name);
412 br->dev->name);
413 591
414 elasticity = br->hash_elasticity; 592 elasticity = br->hash_elasticity;
415 } 593 }
@@ -417,11 +595,9 @@ static struct net_bridge_mdb_entry *br_multicast_get_group(
417 if (mdb->size >= max) { 595 if (mdb->size >= max) {
418 max *= 2; 596 max *= 2;
419 if (unlikely(max >= br->hash_max)) { 597 if (unlikely(max >= br->hash_max)) {
420 printk(KERN_WARNING "%s: Multicast hash table maximum " 598 br_warn(br, "Multicast hash table maximum "
421 "reached, disabling snooping: %s, %d\n", 599 "reached, disabling snooping: %s, %d\n",
422 br->dev->name, port ? port->dev->name : 600 port ? port->dev->name : br->dev->name, max);
423 br->dev->name,
424 max);
425 err = -E2BIG; 601 err = -E2BIG;
426disable: 602disable:
427 br->multicast_disabled = 1; 603 br->multicast_disabled = 1;
@@ -432,22 +608,19 @@ disable:
432 if (max > mdb->max || elasticity) { 608 if (max > mdb->max || elasticity) {
433 if (mdb->old) { 609 if (mdb->old) {
434 if (net_ratelimit()) 610 if (net_ratelimit())
435 printk(KERN_INFO "%s: Multicast hash table " 611 br_info(br, "Multicast hash table "
436 "on fire: %s\n", 612 "on fire: %s\n",
437 br->dev->name, port ? port->dev->name : 613 port ? port->dev->name : br->dev->name);
438 br->dev->name);
439 err = -EEXIST; 614 err = -EEXIST;
440 goto err; 615 goto err;
441 } 616 }
442 617
443 err = br_mdb_rehash(&br->mdb, max, elasticity); 618 err = br_mdb_rehash(&br->mdb, max, elasticity);
444 if (err) { 619 if (err) {
445 printk(KERN_WARNING "%s: Cannot rehash multicast " 620 br_warn(br, "Cannot rehash multicast "
446 "hash table, disabling snooping: " 621 "hash table, disabling snooping: %s, %d, %d\n",
447 "%s, %d, %d\n", 622 port ? port->dev->name : br->dev->name,
448 br->dev->name, port ? port->dev->name : 623 mdb->size, err);
449 br->dev->name,
450 mdb->size, err);
451 goto disable; 624 goto disable;
452 } 625 }
453 626
@@ -463,7 +636,8 @@ err:
463} 636}
464 637
465static struct net_bridge_mdb_entry *br_multicast_new_group( 638static struct net_bridge_mdb_entry *br_multicast_new_group(
466 struct net_bridge *br, struct net_bridge_port *port, __be32 group) 639 struct net_bridge *br, struct net_bridge_port *port,
640 struct br_ip *group)
467{ 641{
468 struct net_bridge_mdb_htable *mdb = br->mdb; 642 struct net_bridge_mdb_htable *mdb = br->mdb;
469 struct net_bridge_mdb_entry *mp; 643 struct net_bridge_mdb_entry *mp;
@@ -496,7 +670,7 @@ rehash:
496 goto out; 670 goto out;
497 671
498 mp->br = br; 672 mp->br = br;
499 mp->addr = group; 673 mp->addr = *group;
500 setup_timer(&mp->timer, br_multicast_group_expired, 674 setup_timer(&mp->timer, br_multicast_group_expired,
501 (unsigned long)mp); 675 (unsigned long)mp);
502 setup_timer(&mp->query_timer, br_multicast_group_query_expired, 676 setup_timer(&mp->query_timer, br_multicast_group_query_expired,
@@ -510,7 +684,8 @@ out:
510} 684}
511 685
512static int br_multicast_add_group(struct net_bridge *br, 686static int br_multicast_add_group(struct net_bridge *br,
513 struct net_bridge_port *port, __be32 group) 687 struct net_bridge_port *port,
688 struct br_ip *group)
514{ 689{
515 struct net_bridge_mdb_entry *mp; 690 struct net_bridge_mdb_entry *mp;
516 struct net_bridge_port_group *p; 691 struct net_bridge_port_group *p;
@@ -518,9 +693,6 @@ static int br_multicast_add_group(struct net_bridge *br,
518 unsigned long now = jiffies; 693 unsigned long now = jiffies;
519 int err; 694 int err;
520 695
521 if (ipv4_is_local_multicast(group))
522 return 0;
523
524 spin_lock(&br->multicast_lock); 696 spin_lock(&br->multicast_lock);
525 if (!netif_running(br->dev) || 697 if (!netif_running(br->dev) ||
526 (port && port->state == BR_STATE_DISABLED)) 698 (port && port->state == BR_STATE_DISABLED))
@@ -549,7 +721,7 @@ static int br_multicast_add_group(struct net_bridge *br,
549 if (unlikely(!p)) 721 if (unlikely(!p))
550 goto err; 722 goto err;
551 723
552 p->addr = group; 724 p->addr = *group;
553 p->port = port; 725 p->port = port;
554 p->next = *pp; 726 p->next = *pp;
555 hlist_add_head(&p->mglist, &port->mglist); 727 hlist_add_head(&p->mglist, &port->mglist);
@@ -570,6 +742,38 @@ err:
570 return err; 742 return err;
571} 743}
572 744
745static int br_ip4_multicast_add_group(struct net_bridge *br,
746 struct net_bridge_port *port,
747 __be32 group)
748{
749 struct br_ip br_group;
750
751 if (ipv4_is_local_multicast(group))
752 return 0;
753
754 br_group.u.ip4 = group;
755 br_group.proto = htons(ETH_P_IP);
756
757 return br_multicast_add_group(br, port, &br_group);
758}
759
760#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
761static int br_ip6_multicast_add_group(struct net_bridge *br,
762 struct net_bridge_port *port,
763 const struct in6_addr *group)
764{
765 struct br_ip br_group;
766
767 if (ipv6_is_local_multicast(group))
768 return 0;
769
770 ipv6_addr_copy(&br_group.u.ip6, group);
771 br_group.proto = htons(ETH_P_IP);
772
773 return br_multicast_add_group(br, port, &br_group);
774}
775#endif
776
573static void br_multicast_router_expired(unsigned long data) 777static void br_multicast_router_expired(unsigned long data)
574{ 778{
575 struct net_bridge_port *port = (void *)data; 779 struct net_bridge_port *port = (void *)data;
@@ -591,29 +795,45 @@ static void br_multicast_local_router_expired(unsigned long data)
591{ 795{
592} 796}
593 797
594static void br_multicast_send_query(struct net_bridge *br, 798static void __br_multicast_send_query(struct net_bridge *br,
595 struct net_bridge_port *port, u32 sent) 799 struct net_bridge_port *port,
800 struct br_ip *ip)
596{ 801{
597 unsigned long time;
598 struct sk_buff *skb; 802 struct sk_buff *skb;
599 803
600 if (!netif_running(br->dev) || br->multicast_disabled || 804 skb = br_multicast_alloc_query(br, ip);
601 timer_pending(&br->multicast_querier_timer))
602 return;
603
604 skb = br_multicast_alloc_query(br, 0);
605 if (!skb) 805 if (!skb)
606 goto timer; 806 return;
607 807
608 if (port) { 808 if (port) {
609 __skb_push(skb, sizeof(struct ethhdr)); 809 __skb_push(skb, sizeof(struct ethhdr));
610 skb->dev = port->dev; 810 skb->dev = port->dev;
611 NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 811 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
612 dev_queue_xmit); 812 dev_queue_xmit);
613 } else 813 } else
614 netif_rx(skb); 814 netif_rx(skb);
815}
816
817static void br_multicast_send_query(struct net_bridge *br,
818 struct net_bridge_port *port, u32 sent)
819{
820 unsigned long time;
821 struct br_ip br_group;
822
823 if (!netif_running(br->dev) || br->multicast_disabled ||
824 timer_pending(&br->multicast_querier_timer))
825 return;
826
827 memset(&br_group.u, 0, sizeof(br_group.u));
828
829 br_group.proto = htons(ETH_P_IP);
830 __br_multicast_send_query(br, port, &br_group);
831
832#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
833 br_group.proto = htons(ETH_P_IPV6);
834 __br_multicast_send_query(br, port, &br_group);
835#endif
615 836
616timer:
617 time = jiffies; 837 time = jiffies;
618 time += sent < br->multicast_startup_query_count ? 838 time += sent < br->multicast_startup_query_count ?
619 br->multicast_startup_query_interval : 839 br->multicast_startup_query_interval :
@@ -698,9 +918,9 @@ void br_multicast_disable_port(struct net_bridge_port *port)
698 spin_unlock(&br->multicast_lock); 918 spin_unlock(&br->multicast_lock);
699} 919}
700 920
701static int br_multicast_igmp3_report(struct net_bridge *br, 921static int br_ip4_multicast_igmp3_report(struct net_bridge *br,
702 struct net_bridge_port *port, 922 struct net_bridge_port *port,
703 struct sk_buff *skb) 923 struct sk_buff *skb)
704{ 924{
705 struct igmpv3_report *ih; 925 struct igmpv3_report *ih;
706 struct igmpv3_grec *grec; 926 struct igmpv3_grec *grec;
@@ -745,7 +965,7 @@ static int br_multicast_igmp3_report(struct net_bridge *br,
745 continue; 965 continue;
746 } 966 }
747 967
748 err = br_multicast_add_group(br, port, group); 968 err = br_ip4_multicast_add_group(br, port, group);
749 if (err) 969 if (err)
750 break; 970 break;
751 } 971 }
@@ -753,24 +973,87 @@ static int br_multicast_igmp3_report(struct net_bridge *br,
753 return err; 973 return err;
754} 974}
755 975
976#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
977static int br_ip6_multicast_mld2_report(struct net_bridge *br,
978 struct net_bridge_port *port,
979 struct sk_buff *skb)
980{
981 struct icmp6hdr *icmp6h;
982 struct mld2_grec *grec;
983 int i;
984 int len;
985 int num;
986 int err = 0;
987
988 if (!pskb_may_pull(skb, sizeof(*icmp6h)))
989 return -EINVAL;
990
991 icmp6h = icmp6_hdr(skb);
992 num = ntohs(icmp6h->icmp6_dataun.un_data16[1]);
993 len = sizeof(*icmp6h);
994
995 for (i = 0; i < num; i++) {
996 __be16 *nsrcs, _nsrcs;
997
998 nsrcs = skb_header_pointer(skb,
999 len + offsetof(struct mld2_grec,
1000 grec_mca),
1001 sizeof(_nsrcs), &_nsrcs);
1002 if (!nsrcs)
1003 return -EINVAL;
1004
1005 if (!pskb_may_pull(skb,
1006 len + sizeof(*grec) +
1007 sizeof(struct in6_addr) * (*nsrcs)))
1008 return -EINVAL;
1009
1010 grec = (struct mld2_grec *)(skb->data + len);
1011 len += sizeof(*grec) + sizeof(struct in6_addr) * (*nsrcs);
1012
1013 /* We treat these as MLDv1 reports for now. */
1014 switch (grec->grec_type) {
1015 case MLD2_MODE_IS_INCLUDE:
1016 case MLD2_MODE_IS_EXCLUDE:
1017 case MLD2_CHANGE_TO_INCLUDE:
1018 case MLD2_CHANGE_TO_EXCLUDE:
1019 case MLD2_ALLOW_NEW_SOURCES:
1020 case MLD2_BLOCK_OLD_SOURCES:
1021 break;
1022
1023 default:
1024 continue;
1025 }
1026
1027 err = br_ip6_multicast_add_group(br, port, &grec->grec_mca);
1028 if (!err)
1029 break;
1030 }
1031
1032 return err;
1033}
1034#endif
1035
1036/*
1037 * Add port to rotuer_list
1038 * list is maintained ordered by pointer value
1039 * and locked by br->multicast_lock and RCU
1040 */
756static void br_multicast_add_router(struct net_bridge *br, 1041static void br_multicast_add_router(struct net_bridge *br,
757 struct net_bridge_port *port) 1042 struct net_bridge_port *port)
758{ 1043{
759 struct hlist_node *p; 1044 struct net_bridge_port *p;
760 struct hlist_node **h; 1045 struct hlist_node *n, *slot = NULL;
761 1046
762 for (h = &br->router_list.first; 1047 hlist_for_each_entry(p, n, &br->router_list, rlist) {
763 (p = *h) && 1048 if ((unsigned long) port >= (unsigned long) p)
764 (unsigned long)container_of(p, struct net_bridge_port, rlist) > 1049 break;
765 (unsigned long)port; 1050 slot = n;
766 h = &p->next) 1051 }
767 ; 1052
768 1053 if (slot)
769 port->rlist.pprev = h; 1054 hlist_add_after_rcu(slot, &port->rlist);
770 port->rlist.next = p; 1055 else
771 rcu_assign_pointer(*h, &port->rlist); 1056 hlist_add_head_rcu(&port->rlist, &br->router_list);
772 if (p)
773 p->pprev = &port->rlist.next;
774} 1057}
775 1058
776static void br_multicast_mark_router(struct net_bridge *br, 1059static void br_multicast_mark_router(struct net_bridge *br,
@@ -800,7 +1083,7 @@ timer:
800 1083
801static void br_multicast_query_received(struct net_bridge *br, 1084static void br_multicast_query_received(struct net_bridge *br,
802 struct net_bridge_port *port, 1085 struct net_bridge_port *port,
803 __be32 saddr) 1086 int saddr)
804{ 1087{
805 if (saddr) 1088 if (saddr)
806 mod_timer(&br->multicast_querier_timer, 1089 mod_timer(&br->multicast_querier_timer,
@@ -811,9 +1094,9 @@ static void br_multicast_query_received(struct net_bridge *br,
811 br_multicast_mark_router(br, port); 1094 br_multicast_mark_router(br, port);
812} 1095}
813 1096
814static int br_multicast_query(struct net_bridge *br, 1097static int br_ip4_multicast_query(struct net_bridge *br,
815 struct net_bridge_port *port, 1098 struct net_bridge_port *port,
816 struct sk_buff *skb) 1099 struct sk_buff *skb)
817{ 1100{
818 struct iphdr *iph = ip_hdr(skb); 1101 struct iphdr *iph = ip_hdr(skb);
819 struct igmphdr *ih = igmp_hdr(skb); 1102 struct igmphdr *ih = igmp_hdr(skb);
@@ -831,7 +1114,7 @@ static int br_multicast_query(struct net_bridge *br,
831 (port && port->state == BR_STATE_DISABLED)) 1114 (port && port->state == BR_STATE_DISABLED))
832 goto out; 1115 goto out;
833 1116
834 br_multicast_query_received(br, port, iph->saddr); 1117 br_multicast_query_received(br, port, !!iph->saddr);
835 1118
836 group = ih->group; 1119 group = ih->group;
837 1120
@@ -859,7 +1142,7 @@ static int br_multicast_query(struct net_bridge *br,
859 if (!group) 1142 if (!group)
860 goto out; 1143 goto out;
861 1144
862 mp = br_mdb_ip_get(br->mdb, group); 1145 mp = br_mdb_ip4_get(br->mdb, group);
863 if (!mp) 1146 if (!mp)
864 goto out; 1147 goto out;
865 1148
@@ -883,9 +1166,78 @@ out:
883 return err; 1166 return err;
884} 1167}
885 1168
1169#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1170static int br_ip6_multicast_query(struct net_bridge *br,
1171 struct net_bridge_port *port,
1172 struct sk_buff *skb)
1173{
1174 struct ipv6hdr *ip6h = ipv6_hdr(skb);
1175 struct mld_msg *mld = (struct mld_msg *) icmp6_hdr(skb);
1176 struct net_bridge_mdb_entry *mp;
1177 struct mld2_query *mld2q;
1178 struct net_bridge_port_group *p, **pp;
1179 unsigned long max_delay;
1180 unsigned long now = jiffies;
1181 struct in6_addr *group = NULL;
1182 int err = 0;
1183
1184 spin_lock(&br->multicast_lock);
1185 if (!netif_running(br->dev) ||
1186 (port && port->state == BR_STATE_DISABLED))
1187 goto out;
1188
1189 br_multicast_query_received(br, port, !ipv6_addr_any(&ip6h->saddr));
1190
1191 if (skb->len == sizeof(*mld)) {
1192 if (!pskb_may_pull(skb, sizeof(*mld))) {
1193 err = -EINVAL;
1194 goto out;
1195 }
1196 mld = (struct mld_msg *) icmp6_hdr(skb);
1197 max_delay = msecs_to_jiffies(htons(mld->mld_maxdelay));
1198 if (max_delay)
1199 group = &mld->mld_mca;
1200 } else if (skb->len >= sizeof(*mld2q)) {
1201 if (!pskb_may_pull(skb, sizeof(*mld2q))) {
1202 err = -EINVAL;
1203 goto out;
1204 }
1205 mld2q = (struct mld2_query *)icmp6_hdr(skb);
1206 if (!mld2q->mld2q_nsrcs)
1207 group = &mld2q->mld2q_mca;
1208 max_delay = mld2q->mld2q_mrc ? MLDV2_MRC(mld2q->mld2q_mrc) : 1;
1209 }
1210
1211 if (!group)
1212 goto out;
1213
1214 mp = br_mdb_ip6_get(br->mdb, group);
1215 if (!mp)
1216 goto out;
1217
1218 max_delay *= br->multicast_last_member_count;
1219 if (!hlist_unhashed(&mp->mglist) &&
1220 (timer_pending(&mp->timer) ?
1221 time_after(mp->timer.expires, now + max_delay) :
1222 try_to_del_timer_sync(&mp->timer) >= 0))
1223 mod_timer(&mp->timer, now + max_delay);
1224
1225 for (pp = &mp->ports; (p = *pp); pp = &p->next) {
1226 if (timer_pending(&p->timer) ?
1227 time_after(p->timer.expires, now + max_delay) :
1228 try_to_del_timer_sync(&p->timer) >= 0)
1229 mod_timer(&mp->timer, now + max_delay);
1230 }
1231
1232out:
1233 spin_unlock(&br->multicast_lock);
1234 return err;
1235}
1236#endif
1237
886static void br_multicast_leave_group(struct net_bridge *br, 1238static void br_multicast_leave_group(struct net_bridge *br,
887 struct net_bridge_port *port, 1239 struct net_bridge_port *port,
888 __be32 group) 1240 struct br_ip *group)
889{ 1241{
890 struct net_bridge_mdb_htable *mdb; 1242 struct net_bridge_mdb_htable *mdb;
891 struct net_bridge_mdb_entry *mp; 1243 struct net_bridge_mdb_entry *mp;
@@ -893,9 +1245,6 @@ static void br_multicast_leave_group(struct net_bridge *br,
893 unsigned long now; 1245 unsigned long now;
894 unsigned long time; 1246 unsigned long time;
895 1247
896 if (ipv4_is_local_multicast(group))
897 return;
898
899 spin_lock(&br->multicast_lock); 1248 spin_lock(&br->multicast_lock);
900 if (!netif_running(br->dev) || 1249 if (!netif_running(br->dev) ||
901 (port && port->state == BR_STATE_DISABLED) || 1250 (port && port->state == BR_STATE_DISABLED) ||
@@ -946,6 +1295,38 @@ out:
946 spin_unlock(&br->multicast_lock); 1295 spin_unlock(&br->multicast_lock);
947} 1296}
948 1297
1298static void br_ip4_multicast_leave_group(struct net_bridge *br,
1299 struct net_bridge_port *port,
1300 __be32 group)
1301{
1302 struct br_ip br_group;
1303
1304 if (ipv4_is_local_multicast(group))
1305 return;
1306
1307 br_group.u.ip4 = group;
1308 br_group.proto = htons(ETH_P_IP);
1309
1310 br_multicast_leave_group(br, port, &br_group);
1311}
1312
1313#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1314static void br_ip6_multicast_leave_group(struct net_bridge *br,
1315 struct net_bridge_port *port,
1316 const struct in6_addr *group)
1317{
1318 struct br_ip br_group;
1319
1320 if (ipv6_is_local_multicast(group))
1321 return;
1322
1323 ipv6_addr_copy(&br_group.u.ip6, group);
1324 br_group.proto = htons(ETH_P_IPV6);
1325
1326 br_multicast_leave_group(br, port, &br_group);
1327}
1328#endif
1329
949static int br_multicast_ipv4_rcv(struct net_bridge *br, 1330static int br_multicast_ipv4_rcv(struct net_bridge *br,
950 struct net_bridge_port *port, 1331 struct net_bridge_port *port,
951 struct sk_buff *skb) 1332 struct sk_buff *skb)
@@ -1000,8 +1381,6 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
1000 if (!pskb_may_pull(skb2, sizeof(*ih))) 1381 if (!pskb_may_pull(skb2, sizeof(*ih)))
1001 goto out; 1382 goto out;
1002 1383
1003 iph = ip_hdr(skb2);
1004
1005 switch (skb2->ip_summed) { 1384 switch (skb2->ip_summed) {
1006 case CHECKSUM_COMPLETE: 1385 case CHECKSUM_COMPLETE:
1007 if (!csum_fold(skb2->csum)) 1386 if (!csum_fold(skb2->csum))
@@ -1022,16 +1401,16 @@ static int br_multicast_ipv4_rcv(struct net_bridge *br,
1022 case IGMP_HOST_MEMBERSHIP_REPORT: 1401 case IGMP_HOST_MEMBERSHIP_REPORT:
1023 case IGMPV2_HOST_MEMBERSHIP_REPORT: 1402 case IGMPV2_HOST_MEMBERSHIP_REPORT:
1024 BR_INPUT_SKB_CB(skb2)->mrouters_only = 1; 1403 BR_INPUT_SKB_CB(skb2)->mrouters_only = 1;
1025 err = br_multicast_add_group(br, port, ih->group); 1404 err = br_ip4_multicast_add_group(br, port, ih->group);
1026 break; 1405 break;
1027 case IGMPV3_HOST_MEMBERSHIP_REPORT: 1406 case IGMPV3_HOST_MEMBERSHIP_REPORT:
1028 err = br_multicast_igmp3_report(br, port, skb2); 1407 err = br_ip4_multicast_igmp3_report(br, port, skb2);
1029 break; 1408 break;
1030 case IGMP_HOST_MEMBERSHIP_QUERY: 1409 case IGMP_HOST_MEMBERSHIP_QUERY:
1031 err = br_multicast_query(br, port, skb2); 1410 err = br_ip4_multicast_query(br, port, skb2);
1032 break; 1411 break;
1033 case IGMP_HOST_LEAVE_MESSAGE: 1412 case IGMP_HOST_LEAVE_MESSAGE:
1034 br_multicast_leave_group(br, port, ih->group); 1413 br_ip4_multicast_leave_group(br, port, ih->group);
1035 break; 1414 break;
1036 } 1415 }
1037 1416
@@ -1043,6 +1422,123 @@ err_out:
1043 return err; 1422 return err;
1044} 1423}
1045 1424
1425#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1426static int br_multicast_ipv6_rcv(struct net_bridge *br,
1427 struct net_bridge_port *port,
1428 struct sk_buff *skb)
1429{
1430 struct sk_buff *skb2 = skb;
1431 struct ipv6hdr *ip6h;
1432 struct icmp6hdr *icmp6h;
1433 u8 nexthdr;
1434 unsigned len;
1435 unsigned offset;
1436 int err;
1437
1438 if (!pskb_may_pull(skb, sizeof(*ip6h)))
1439 return -EINVAL;
1440
1441 ip6h = ipv6_hdr(skb);
1442
1443 /*
1444 * We're interested in MLD messages only.
1445 * - Version is 6
1446 * - MLD has always Router Alert hop-by-hop option
1447 * - But we do not support jumbrograms.
1448 */
1449 if (ip6h->version != 6 ||
1450 ip6h->nexthdr != IPPROTO_HOPOPTS ||
1451 ip6h->payload_len == 0)
1452 return 0;
1453
1454 len = ntohs(ip6h->payload_len);
1455 if (skb->len < len)
1456 return -EINVAL;
1457
1458 nexthdr = ip6h->nexthdr;
1459 offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr);
1460
1461 if (offset < 0 || nexthdr != IPPROTO_ICMPV6)
1462 return 0;
1463
1464 /* Okay, we found ICMPv6 header */
1465 skb2 = skb_clone(skb, GFP_ATOMIC);
1466 if (!skb2)
1467 return -ENOMEM;
1468
1469 len -= offset - skb_network_offset(skb2);
1470
1471 __skb_pull(skb2, offset);
1472 skb_reset_transport_header(skb2);
1473
1474 err = -EINVAL;
1475 if (!pskb_may_pull(skb2, sizeof(*icmp6h)))
1476 goto out;
1477
1478 icmp6h = icmp6_hdr(skb2);
1479
1480 switch (icmp6h->icmp6_type) {
1481 case ICMPV6_MGM_QUERY:
1482 case ICMPV6_MGM_REPORT:
1483 case ICMPV6_MGM_REDUCTION:
1484 case ICMPV6_MLD2_REPORT:
1485 break;
1486 default:
1487 err = 0;
1488 goto out;
1489 }
1490
1491 /* Okay, we found MLD message. Check further. */
1492 if (skb2->len > len) {
1493 err = pskb_trim_rcsum(skb2, len);
1494 if (err)
1495 goto out;
1496 }
1497
1498 switch (skb2->ip_summed) {
1499 case CHECKSUM_COMPLETE:
1500 if (!csum_fold(skb2->csum))
1501 break;
1502 /*FALLTHROUGH*/
1503 case CHECKSUM_NONE:
1504 skb2->csum = 0;
1505 if (skb_checksum_complete(skb2))
1506 goto out;
1507 }
1508
1509 err = 0;
1510
1511 BR_INPUT_SKB_CB(skb)->igmp = 1;
1512
1513 switch (icmp6h->icmp6_type) {
1514 case ICMPV6_MGM_REPORT:
1515 {
1516 struct mld_msg *mld = (struct mld_msg *)icmp6h;
1517 BR_INPUT_SKB_CB(skb2)->mrouters_only = 1;
1518 err = br_ip6_multicast_add_group(br, port, &mld->mld_mca);
1519 break;
1520 }
1521 case ICMPV6_MLD2_REPORT:
1522 err = br_ip6_multicast_mld2_report(br, port, skb2);
1523 break;
1524 case ICMPV6_MGM_QUERY:
1525 err = br_ip6_multicast_query(br, port, skb2);
1526 break;
1527 case ICMPV6_MGM_REDUCTION:
1528 {
1529 struct mld_msg *mld = (struct mld_msg *)icmp6h;
1530 br_ip6_multicast_leave_group(br, port, &mld->mld_mca);
1531 }
1532 }
1533
1534out:
1535 __skb_push(skb2, offset);
1536 if (skb2 != skb)
1537 kfree_skb(skb2);
1538 return err;
1539}
1540#endif
1541
1046int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port, 1542int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port,
1047 struct sk_buff *skb) 1543 struct sk_buff *skb)
1048{ 1544{
@@ -1055,6 +1551,10 @@ int br_multicast_rcv(struct net_bridge *br, struct net_bridge_port *port,
1055 switch (skb->protocol) { 1551 switch (skb->protocol) {
1056 case htons(ETH_P_IP): 1552 case htons(ETH_P_IP):
1057 return br_multicast_ipv4_rcv(br, port, skb); 1553 return br_multicast_ipv4_rcv(br, port, skb);
1554#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
1555 case htons(ETH_P_IPV6):
1556 return br_multicast_ipv6_rcv(br, port, skb);
1557#endif
1058 } 1558 }
1059 1559
1060 return 0; 1560 return 0;
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 4c4977d12fd..44420992f72 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -3,15 +3,8 @@
3 * Linux ethernet bridge 3 * Linux ethernet bridge
4 * 4 *
5 * Authors: 5 * Authors:
6 * Lennert Buytenhek <buytenh@gnu.org> 6 * Lennert Buytenhek <buytenh@gnu.org>
7 * Bart De Schuymer (maintainer) <bdschuym@pandora.be> 7 * Bart De Schuymer <bdschuym@pandora.be>
8 *
9 * Changes:
10 * Apr 29 2003: physdev module support (bdschuym)
11 * Jun 19 2003: let arptables see bridged ARP traffic (bdschuym)
12 * Oct 06 2003: filter encapsulated IP/ARP VLAN traffic on untagged bridge
13 * (bdschuym)
14 * Sep 01 2004: add IPv6 filtering (bdschuym)
15 * 8 *
16 * This program is free software; you can redistribute it and/or 9 * This program is free software; you can redistribute it and/or
17 * modify it under the terms of the GNU General Public License 10 * modify it under the terms of the GNU General Public License
@@ -204,15 +197,24 @@ static inline void nf_bridge_save_header(struct sk_buff *skb)
204 skb->nf_bridge->data, header_size); 197 skb->nf_bridge->data, header_size);
205} 198}
206 199
207/* 200static inline void nf_bridge_update_protocol(struct sk_buff *skb)
208 * When forwarding bridge frames, we save a copy of the original 201{
209 * header before processing. 202 if (skb->nf_bridge->mask & BRNF_8021Q)
203 skb->protocol = htons(ETH_P_8021Q);
204 else if (skb->nf_bridge->mask & BRNF_PPPoE)
205 skb->protocol = htons(ETH_P_PPP_SES);
206}
207
208/* Fill in the header for fragmented IP packets handled by
209 * the IPv4 connection tracking code.
210 */ 210 */
211int nf_bridge_copy_header(struct sk_buff *skb) 211int nf_bridge_copy_header(struct sk_buff *skb)
212{ 212{
213 int err; 213 int err;
214 int header_size = ETH_HLEN + nf_bridge_encap_header_len(skb); 214 unsigned int header_size;
215 215
216 nf_bridge_update_protocol(skb);
217 header_size = ETH_HLEN + nf_bridge_encap_header_len(skb);
216 err = skb_cow_head(skb, header_size); 218 err = skb_cow_head(skb, header_size);
217 if (err) 219 if (err)
218 return err; 220 return err;
@@ -246,27 +248,48 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
246 skb_dst_set(skb, &rt->u.dst); 248 skb_dst_set(skb, &rt->u.dst);
247 249
248 skb->dev = nf_bridge->physindev; 250 skb->dev = nf_bridge->physindev;
251 nf_bridge_update_protocol(skb);
249 nf_bridge_push_encap_header(skb); 252 nf_bridge_push_encap_header(skb);
250 NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 253 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
251 br_handle_frame_finish, 1); 254 br_handle_frame_finish, 1);
252 255
253 return 0; 256 return 0;
254} 257}
255 258
256static void __br_dnat_complain(void) 259/* Obtain the correct destination MAC address, while preserving the original
260 * source MAC address. If we already know this address, we just copy it. If we
261 * don't, we use the neighbour framework to find out. In both cases, we make
262 * sure that br_handle_frame_finish() is called afterwards.
263 */
264static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
257{ 265{
258 static unsigned long last_complaint; 266 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
267 struct dst_entry *dst;
259 268
260 if (jiffies - last_complaint >= 5 * HZ) { 269 skb->dev = bridge_parent(skb->dev);
261 printk(KERN_WARNING "Performing cross-bridge DNAT requires IP " 270 if (!skb->dev)
262 "forwarding to be enabled\n"); 271 goto free_skb;
263 last_complaint = jiffies; 272 dst = skb_dst(skb);
273 if (dst->hh) {
274 neigh_hh_bridge(dst->hh, skb);
275 skb->dev = nf_bridge->physindev;
276 return br_handle_frame_finish(skb);
277 } else if (dst->neighbour) {
278 /* the neighbour function below overwrites the complete
279 * MAC header, so we save the Ethernet source address and
280 * protocol number. */
281 skb_copy_from_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), skb->nf_bridge->data, ETH_HLEN-ETH_ALEN);
282 /* tell br_dev_xmit to continue with forwarding */
283 nf_bridge->mask |= BRNF_BRIDGED_DNAT;
284 return dst->neighbour->output(skb);
264 } 285 }
286free_skb:
287 kfree_skb(skb);
288 return 0;
265} 289}
266 290
267/* This requires some explaining. If DNAT has taken place, 291/* This requires some explaining. If DNAT has taken place,
268 * we will need to fix up the destination Ethernet address, 292 * we will need to fix up the destination Ethernet address.
269 * and this is a tricky process.
270 * 293 *
271 * There are two cases to consider: 294 * There are two cases to consider:
272 * 1. The packet was DNAT'ed to a device in the same bridge 295 * 1. The packet was DNAT'ed to a device in the same bridge
@@ -280,62 +303,29 @@ static void __br_dnat_complain(void)
280 * call ip_route_input() and to look at skb->dst->dev, which is 303 * call ip_route_input() and to look at skb->dst->dev, which is
281 * changed to the destination device if ip_route_input() succeeds. 304 * changed to the destination device if ip_route_input() succeeds.
282 * 305 *
283 * Let us first consider the case that ip_route_input() succeeds: 306 * Let's first consider the case that ip_route_input() succeeds:
284 *
285 * If skb->dst->dev equals the logical bridge device the packet
286 * came in on, we can consider this bridging. The packet is passed
287 * through the neighbour output function to build a new destination
288 * MAC address, which will make the packet enter br_nf_local_out()
289 * not much later. In that function it is assured that the iptables
290 * FORWARD chain is traversed for the packet.
291 * 307 *
308 * If the output device equals the logical bridge device the packet
309 * came in on, we can consider this bridging. The corresponding MAC
310 * address will be obtained in br_nf_pre_routing_finish_bridge.
292 * Otherwise, the packet is considered to be routed and we just 311 * Otherwise, the packet is considered to be routed and we just
293 * change the destination MAC address so that the packet will 312 * change the destination MAC address so that the packet will
294 * later be passed up to the IP stack to be routed. For a redirected 313 * later be passed up to the IP stack to be routed. For a redirected
295 * packet, ip_route_input() will give back the localhost as output device, 314 * packet, ip_route_input() will give back the localhost as output device,
296 * which differs from the bridge device. 315 * which differs from the bridge device.
297 * 316 *
298 * Let us now consider the case that ip_route_input() fails: 317 * Let's now consider the case that ip_route_input() fails:
299 * 318 *
300 * This can be because the destination address is martian, in which case 319 * This can be because the destination address is martian, in which case
301 * the packet will be dropped. 320 * the packet will be dropped.
302 * After a "echo '0' > /proc/sys/net/ipv4/ip_forward" ip_route_input() 321 * If IP forwarding is disabled, ip_route_input() will fail, while
303 * will fail, while __ip_route_output_key() will return success. The source 322 * ip_route_output_key() can return success. The source
304 * address for __ip_route_output_key() is set to zero, so __ip_route_output_key 323 * address for ip_route_output_key() is set to zero, so ip_route_output_key()
305 * thinks we're handling a locally generated packet and won't care 324 * thinks we're handling a locally generated packet and won't care
306 * if IP forwarding is allowed. We send a warning message to the users's 325 * if IP forwarding is enabled. If the output device equals the logical bridge
307 * log telling her to put IP forwarding on. 326 * device, we proceed as if ip_route_input() succeeded. If it differs from the
308 * 327 * logical bridge port or if ip_route_output_key() fails we drop the packet.
309 * ip_route_input() will also fail if there is no route available. 328 */
310 * In that case we just drop the packet.
311 *
312 * --Lennert, 20020411
313 * --Bart, 20020416 (updated)
314 * --Bart, 20021007 (updated)
315 * --Bart, 20062711 (updated) */
316static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
317{
318 if (skb->pkt_type == PACKET_OTHERHOST) {
319 skb->pkt_type = PACKET_HOST;
320 skb->nf_bridge->mask |= BRNF_PKT_TYPE;
321 }
322 skb->nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
323
324 skb->dev = bridge_parent(skb->dev);
325 if (skb->dev) {
326 struct dst_entry *dst = skb_dst(skb);
327
328 nf_bridge_pull_encap_header(skb);
329
330 if (dst->hh)
331 return neigh_hh_output(dst->hh, skb);
332 else if (dst->neighbour)
333 return dst->neighbour->output(skb);
334 }
335 kfree_skb(skb);
336 return 0;
337}
338
339static int br_nf_pre_routing_finish(struct sk_buff *skb) 329static int br_nf_pre_routing_finish(struct sk_buff *skb)
340{ 330{
341 struct net_device *dev = skb->dev; 331 struct net_device *dev = skb->dev;
@@ -379,11 +369,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
379 skb_dst_set(skb, (struct dst_entry *)rt); 369 skb_dst_set(skb, (struct dst_entry *)rt);
380 goto bridged_dnat; 370 goto bridged_dnat;
381 } 371 }
382 /* we are sure that forwarding is disabled, so printing
383 * this message is no problem. Note that the packet could
384 * still have a martian destination address, in which case
385 * the packet could be dropped even if forwarding were enabled */
386 __br_dnat_complain();
387 dst_release((struct dst_entry *)rt); 372 dst_release((struct dst_entry *)rt);
388 } 373 }
389free_skb: 374free_skb:
@@ -392,12 +377,11 @@ free_skb:
392 } else { 377 } else {
393 if (skb_dst(skb)->dev == dev) { 378 if (skb_dst(skb)->dev == dev) {
394bridged_dnat: 379bridged_dnat:
395 /* Tell br_nf_local_out this is a
396 * bridged frame */
397 nf_bridge->mask |= BRNF_BRIDGED_DNAT;
398 skb->dev = nf_bridge->physindev; 380 skb->dev = nf_bridge->physindev;
381 nf_bridge_update_protocol(skb);
399 nf_bridge_push_encap_header(skb); 382 nf_bridge_push_encap_header(skb);
400 NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, 383 NF_HOOK_THRESH(NFPROTO_BRIDGE,
384 NF_BR_PRE_ROUTING,
401 skb, skb->dev, NULL, 385 skb, skb->dev, NULL,
402 br_nf_pre_routing_finish_bridge, 386 br_nf_pre_routing_finish_bridge,
403 1); 387 1);
@@ -417,8 +401,9 @@ bridged_dnat:
417 } 401 }
418 402
419 skb->dev = nf_bridge->physindev; 403 skb->dev = nf_bridge->physindev;
404 nf_bridge_update_protocol(skb);
420 nf_bridge_push_encap_header(skb); 405 nf_bridge_push_encap_header(skb);
421 NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 406 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
422 br_handle_frame_finish, 1); 407 br_handle_frame_finish, 1);
423 408
424 return 0; 409 return 0;
@@ -437,6 +422,10 @@ static struct net_device *setup_pre_routing(struct sk_buff *skb)
437 nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING; 422 nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING;
438 nf_bridge->physindev = skb->dev; 423 nf_bridge->physindev = skb->dev;
439 skb->dev = bridge_parent(skb->dev); 424 skb->dev = bridge_parent(skb->dev);
425 if (skb->protocol == htons(ETH_P_8021Q))
426 nf_bridge->mask |= BRNF_8021Q;
427 else if (skb->protocol == htons(ETH_P_PPP_SES))
428 nf_bridge->mask |= BRNF_PPPoE;
440 429
441 return skb->dev; 430 return skb->dev;
442} 431}
@@ -535,7 +524,8 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
535 if (!setup_pre_routing(skb)) 524 if (!setup_pre_routing(skb))
536 return NF_DROP; 525 return NF_DROP;
537 526
538 NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 527 skb->protocol = htons(ETH_P_IPV6);
528 NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
539 br_nf_pre_routing_finish_ipv6); 529 br_nf_pre_routing_finish_ipv6);
540 530
541 return NF_STOLEN; 531 return NF_STOLEN;
@@ -607,8 +597,9 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
607 if (!setup_pre_routing(skb)) 597 if (!setup_pre_routing(skb))
608 return NF_DROP; 598 return NF_DROP;
609 store_orig_dstaddr(skb); 599 store_orig_dstaddr(skb);
600 skb->protocol = htons(ETH_P_IP);
610 601
611 NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 602 NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, skb->dev, NULL,
612 br_nf_pre_routing_finish); 603 br_nf_pre_routing_finish);
613 604
614 return NF_STOLEN; 605 return NF_STOLEN;
@@ -652,11 +643,13 @@ static int br_nf_forward_finish(struct sk_buff *skb)
652 skb->pkt_type = PACKET_OTHERHOST; 643 skb->pkt_type = PACKET_OTHERHOST;
653 nf_bridge->mask ^= BRNF_PKT_TYPE; 644 nf_bridge->mask ^= BRNF_PKT_TYPE;
654 } 645 }
646 nf_bridge_update_protocol(skb);
655 } else { 647 } else {
656 in = *((struct net_device **)(skb->cb)); 648 in = *((struct net_device **)(skb->cb));
657 } 649 }
658 nf_bridge_push_encap_header(skb); 650 nf_bridge_push_encap_header(skb);
659 NF_HOOK_THRESH(PF_BRIDGE, NF_BR_FORWARD, skb, in, 651
652 NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, in,
660 skb->dev, br_forward_finish, 1); 653 skb->dev, br_forward_finish, 1);
661 return 0; 654 return 0;
662} 655}
@@ -707,6 +700,10 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
707 /* The physdev module checks on this */ 700 /* The physdev module checks on this */
708 nf_bridge->mask |= BRNF_BRIDGED; 701 nf_bridge->mask |= BRNF_BRIDGED;
709 nf_bridge->physoutdev = skb->dev; 702 nf_bridge->physoutdev = skb->dev;
703 if (pf == PF_INET)
704 skb->protocol = htons(ETH_P_IP);
705 else
706 skb->protocol = htons(ETH_P_IPV6);
710 707
711 NF_HOOK(pf, NF_INET_FORWARD, skb, bridge_parent(in), parent, 708 NF_HOOK(pf, NF_INET_FORWARD, skb, bridge_parent(in), parent,
712 br_nf_forward_finish); 709 br_nf_forward_finish);
@@ -744,60 +741,11 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb,
744 return NF_STOLEN; 741 return NF_STOLEN;
745} 742}
746 743
747/* PF_BRIDGE/LOCAL_OUT ***********************************************
748 *
749 * This function sees both locally originated IP packets and forwarded
750 * IP packets (in both cases the destination device is a bridge
751 * device). It also sees bridged-and-DNAT'ed packets.
752 *
753 * If (nf_bridge->mask & BRNF_BRIDGED_DNAT) then the packet is bridged
754 * and we fake the PF_BRIDGE/FORWARD hook. The function br_nf_forward()
755 * will then fake the PF_INET/FORWARD hook. br_nf_local_out() has priority
756 * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor
757 * will be executed.
758 */
759static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff *skb,
760 const struct net_device *in,
761 const struct net_device *out,
762 int (*okfn)(struct sk_buff *))
763{
764 struct net_device *realindev;
765 struct nf_bridge_info *nf_bridge;
766
767 if (!skb->nf_bridge)
768 return NF_ACCEPT;
769
770 /* Need exclusive nf_bridge_info since we might have multiple
771 * different physoutdevs. */
772 if (!nf_bridge_unshare(skb))
773 return NF_DROP;
774
775 nf_bridge = skb->nf_bridge;
776 if (!(nf_bridge->mask & BRNF_BRIDGED_DNAT))
777 return NF_ACCEPT;
778
779 /* Bridged, take PF_BRIDGE/FORWARD.
780 * (see big note in front of br_nf_pre_routing_finish) */
781 nf_bridge->physoutdev = skb->dev;
782 realindev = nf_bridge->physindev;
783
784 if (nf_bridge->mask & BRNF_PKT_TYPE) {
785 skb->pkt_type = PACKET_OTHERHOST;
786 nf_bridge->mask ^= BRNF_PKT_TYPE;
787 }
788 nf_bridge_push_encap_header(skb);
789
790 NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, realindev, skb->dev,
791 br_forward_finish);
792 return NF_STOLEN;
793}
794
795#if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE) 744#if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE)
796static int br_nf_dev_queue_xmit(struct sk_buff *skb) 745static int br_nf_dev_queue_xmit(struct sk_buff *skb)
797{ 746{
798 if (skb->nfct != NULL && 747 if (skb->nfct != NULL && skb->protocol == htons(ETH_P_IP) &&
799 (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) && 748 skb->len + nf_bridge_mtu_reduction(skb) > skb->dev->mtu &&
800 skb->len > skb->dev->mtu &&
801 !skb_is_gso(skb)) 749 !skb_is_gso(skb))
802 return ip_fragment(skb, br_dev_queue_push_xmit); 750 return ip_fragment(skb, br_dev_queue_push_xmit);
803 else 751 else
@@ -820,21 +768,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
820 struct net_device *realoutdev = bridge_parent(skb->dev); 768 struct net_device *realoutdev = bridge_parent(skb->dev);
821 u_int8_t pf; 769 u_int8_t pf;
822 770
823#ifdef CONFIG_NETFILTER_DEBUG 771 if (!nf_bridge || !(nf_bridge->mask & BRNF_BRIDGED))
824 /* Be very paranoid. This probably won't happen anymore, but let's
825 * keep the check just to be sure... */
826 if (skb_mac_header(skb) < skb->head ||
827 skb_mac_header(skb) + ETH_HLEN > skb->data) {
828 printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: "
829 "bad mac.raw pointer.\n");
830 goto print_error;
831 }
832#endif
833
834 if (!nf_bridge)
835 return NF_ACCEPT;
836
837 if (!(nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT)))
838 return NF_ACCEPT; 772 return NF_ACCEPT;
839 773
840 if (!realoutdev) 774 if (!realoutdev)
@@ -849,13 +783,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
849 else 783 else
850 return NF_ACCEPT; 784 return NF_ACCEPT;
851 785
852#ifdef CONFIG_NETFILTER_DEBUG
853 if (skb_dst(skb) == NULL) {
854 printk(KERN_INFO "br_netfilter post_routing: skb->dst == NULL\n");
855 goto print_error;
856 }
857#endif
858
859 /* We assume any code from br_dev_queue_push_xmit onwards doesn't care 786 /* We assume any code from br_dev_queue_push_xmit onwards doesn't care
860 * about the value of skb->pkt_type. */ 787 * about the value of skb->pkt_type. */
861 if (skb->pkt_type == PACKET_OTHERHOST) { 788 if (skb->pkt_type == PACKET_OTHERHOST) {
@@ -865,24 +792,15 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
865 792
866 nf_bridge_pull_encap_header(skb); 793 nf_bridge_pull_encap_header(skb);
867 nf_bridge_save_header(skb); 794 nf_bridge_save_header(skb);
795 if (pf == PF_INET)
796 skb->protocol = htons(ETH_P_IP);
797 else
798 skb->protocol = htons(ETH_P_IPV6);
868 799
869 NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev, 800 NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev,
870 br_nf_dev_queue_xmit); 801 br_nf_dev_queue_xmit);
871 802
872 return NF_STOLEN; 803 return NF_STOLEN;
873
874#ifdef CONFIG_NETFILTER_DEBUG
875print_error:
876 if (skb->dev != NULL) {
877 printk("[%s]", skb->dev->name);
878 if (realoutdev)
879 printk("[%s]", realoutdev->name);
880 }
881 printk(" head:%p, raw:%p, data:%p\n", skb->head, skb_mac_header(skb),
882 skb->data);
883 dump_stack();
884 return NF_ACCEPT;
885#endif
886} 804}
887 805
888/* IP/SABOTAGE *****************************************************/ 806/* IP/SABOTAGE *****************************************************/
@@ -901,10 +819,8 @@ static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb,
901 return NF_ACCEPT; 819 return NF_ACCEPT;
902} 820}
903 821
904/* For br_nf_local_out we need (prio = NF_BR_PRI_FIRST), to insure that innocent 822/* For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because
905 * PF_BRIDGE/NF_BR_LOCAL_OUT functions don't get bridged traffic as input. 823 * br_dev_queue_push_xmit is called afterwards */
906 * For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because
907 * ip_refrag() can return NF_STOLEN. */
908static struct nf_hook_ops br_nf_ops[] __read_mostly = { 824static struct nf_hook_ops br_nf_ops[] __read_mostly = {
909 { 825 {
910 .hook = br_nf_pre_routing, 826 .hook = br_nf_pre_routing,
@@ -935,13 +851,6 @@ static struct nf_hook_ops br_nf_ops[] __read_mostly = {
935 .priority = NF_BR_PRI_BRNF, 851 .priority = NF_BR_PRI_BRNF,
936 }, 852 },
937 { 853 {
938 .hook = br_nf_local_out,
939 .owner = THIS_MODULE,
940 .pf = PF_BRIDGE,
941 .hooknum = NF_BR_LOCAL_OUT,
942 .priority = NF_BR_PRI_FIRST,
943 },
944 {
945 .hook = br_nf_post_routing, 854 .hook = br_nf_post_routing,
946 .owner = THIS_MODULE, 855 .owner = THIS_MODULE,
947 .pf = PF_BRIDGE, 856 .pf = PF_BRIDGE,
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index aa56ac2c882..fe0a79018ab 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -42,8 +42,8 @@ static int br_fill_ifinfo(struct sk_buff *skb, const struct net_bridge_port *por
42 struct nlmsghdr *nlh; 42 struct nlmsghdr *nlh;
43 u8 operstate = netif_running(dev) ? dev->operstate : IF_OPER_DOWN; 43 u8 operstate = netif_running(dev) ? dev->operstate : IF_OPER_DOWN;
44 44
45 pr_debug("br_fill_info event %d port %s master %s\n", 45 br_debug(br, "br_fill_info event %d port %s master %s\n",
46 event, dev->name, br->dev->name); 46 event, dev->name, br->dev->name);
47 47
48 nlh = nlmsg_put(skb, pid, seq, event, sizeof(*hdr), flags); 48 nlh = nlmsg_put(skb, pid, seq, event, sizeof(*hdr), flags);
49 if (nlh == NULL) 49 if (nlh == NULL)
@@ -87,7 +87,9 @@ void br_ifinfo_notify(int event, struct net_bridge_port *port)
87 struct sk_buff *skb; 87 struct sk_buff *skb;
88 int err = -ENOBUFS; 88 int err = -ENOBUFS;
89 89
90 pr_debug("bridge notify event=%d\n", event); 90 br_debug(port->br, "port %u(%s) event %d\n",
91 (unsigned)port->port_no, port->dev->name, event);
92
91 skb = nlmsg_new(br_nlmsg_size(), GFP_ATOMIC); 93 skb = nlmsg_new(br_nlmsg_size(), GFP_ATOMIC);
92 if (skb == NULL) 94 if (skb == NULL)
93 goto errout; 95 goto errout;
diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c
index 763a3ec292e..717e1fd6133 100644
--- a/net/bridge/br_notify.c
+++ b/net/bridge/br_notify.c
@@ -34,6 +34,7 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
34 struct net_device *dev = ptr; 34 struct net_device *dev = ptr;
35 struct net_bridge_port *p = dev->br_port; 35 struct net_bridge_port *p = dev->br_port;
36 struct net_bridge *br; 36 struct net_bridge *br;
37 int err;
37 38
38 /* not a port of a bridge */ 39 /* not a port of a bridge */
39 if (p == NULL) 40 if (p == NULL)
@@ -82,6 +83,16 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
82 case NETDEV_UNREGISTER: 83 case NETDEV_UNREGISTER:
83 br_del_if(br, dev); 84 br_del_if(br, dev);
84 break; 85 break;
86
87 case NETDEV_CHANGENAME:
88 err = br_sysfs_renameif(p);
89 if (err)
90 return notifier_from_errno(err);
91 break;
92
93 case NETDEV_PRE_TYPE_CHANGE:
94 /* Forbid underlaying device to change its type. */
95 return NOTIFY_BAD;
85 } 96 }
86 97
87 /* Events that may cause spanning tree to refresh */ 98 /* Events that may cause spanning tree to refresh */
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 846d7d1e207..0f4a74bc6a9 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -45,6 +45,17 @@ struct mac_addr
45 unsigned char addr[6]; 45 unsigned char addr[6];
46}; 46};
47 47
48struct br_ip
49{
50 union {
51 __be32 ip4;
52#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
53 struct in6_addr ip6;
54#endif
55 } u;
56 __be16 proto;
57};
58
48struct net_bridge_fdb_entry 59struct net_bridge_fdb_entry
49{ 60{
50 struct hlist_node hlist; 61 struct hlist_node hlist;
@@ -64,7 +75,7 @@ struct net_bridge_port_group {
64 struct rcu_head rcu; 75 struct rcu_head rcu;
65 struct timer_list timer; 76 struct timer_list timer;
66 struct timer_list query_timer; 77 struct timer_list query_timer;
67 __be32 addr; 78 struct br_ip addr;
68 u32 queries_sent; 79 u32 queries_sent;
69}; 80};
70 81
@@ -77,7 +88,7 @@ struct net_bridge_mdb_entry
77 struct rcu_head rcu; 88 struct rcu_head rcu;
78 struct timer_list timer; 89 struct timer_list timer;
79 struct timer_list query_timer; 90 struct timer_list query_timer;
80 __be32 addr; 91 struct br_ip addr;
81 u32 queries_sent; 92 u32 queries_sent;
82}; 93};
83 94
@@ -128,6 +139,17 @@ struct net_bridge_port
128 struct hlist_head mglist; 139 struct hlist_head mglist;
129 struct hlist_node rlist; 140 struct hlist_node rlist;
130#endif 141#endif
142
143#ifdef CONFIG_SYSFS
144 char sysfs_name[IFNAMSIZ];
145#endif
146};
147
148struct br_cpu_netstats {
149 unsigned long rx_packets;
150 unsigned long rx_bytes;
151 unsigned long tx_packets;
152 unsigned long tx_bytes;
131}; 153};
132 154
133struct net_bridge 155struct net_bridge
@@ -135,6 +157,8 @@ struct net_bridge
135 spinlock_t lock; 157 spinlock_t lock;
136 struct list_head port_list; 158 struct list_head port_list;
137 struct net_device *dev; 159 struct net_device *dev;
160
161 struct br_cpu_netstats __percpu *stats;
138 spinlock_t hash_lock; 162 spinlock_t hash_lock;
139 struct hlist_head hash[BR_HASH_SIZE]; 163 struct hlist_head hash[BR_HASH_SIZE];
140 unsigned long feature_mask; 164 unsigned long feature_mask;
@@ -220,6 +244,21 @@ struct br_input_skb_cb {
220# define BR_INPUT_SKB_CB_MROUTERS_ONLY(__skb) (0) 244# define BR_INPUT_SKB_CB_MROUTERS_ONLY(__skb) (0)
221#endif 245#endif
222 246
247#define br_printk(level, br, format, args...) \
248 printk(level "%s: " format, (br)->dev->name, ##args)
249
250#define br_err(__br, format, args...) \
251 br_printk(KERN_ERR, __br, format, ##args)
252#define br_warn(__br, format, args...) \
253 br_printk(KERN_WARNING, __br, format, ##args)
254#define br_notice(__br, format, args...) \
255 br_printk(KERN_NOTICE, __br, format, ##args)
256#define br_info(__br, format, args...) \
257 br_printk(KERN_INFO, __br, format, ##args)
258
259#define br_debug(br, format, args...) \
260 pr_debug("%s: " format, (br)->dev->name, ##args)
261
223extern struct notifier_block br_device_notifier; 262extern struct notifier_block br_device_notifier;
224extern const u8 br_group_address[ETH_ALEN]; 263extern const u8 br_group_address[ETH_ALEN];
225 264
@@ -233,6 +272,18 @@ static inline int br_is_root_bridge(const struct net_bridge *br)
233extern void br_dev_setup(struct net_device *dev); 272extern void br_dev_setup(struct net_device *dev);
234extern netdev_tx_t br_dev_xmit(struct sk_buff *skb, 273extern netdev_tx_t br_dev_xmit(struct sk_buff *skb,
235 struct net_device *dev); 274 struct net_device *dev);
275#ifdef CONFIG_NET_POLL_CONTROLLER
276extern void br_netpoll_cleanup(struct net_device *dev);
277extern void br_netpoll_enable(struct net_bridge *br,
278 struct net_device *dev);
279extern void br_netpoll_disable(struct net_bridge *br,
280 struct net_device *dev);
281#else
282#define br_netpoll_cleanup(br)
283#define br_netpoll_enable(br, dev)
284#define br_netpoll_disable(br, dev)
285
286#endif
236 287
237/* br_fdb.c */ 288/* br_fdb.c */
238extern int br_fdb_init(void); 289extern int br_fdb_init(void);
@@ -433,6 +484,7 @@ extern void br_ifinfo_notify(int event, struct net_bridge_port *port);
433/* br_sysfs_if.c */ 484/* br_sysfs_if.c */
434extern const struct sysfs_ops brport_sysfs_ops; 485extern const struct sysfs_ops brport_sysfs_ops;
435extern int br_sysfs_addif(struct net_bridge_port *p); 486extern int br_sysfs_addif(struct net_bridge_port *p);
487extern int br_sysfs_renameif(struct net_bridge_port *p);
436 488
437/* br_sysfs_br.c */ 489/* br_sysfs_br.c */
438extern int br_sysfs_addbr(struct net_device *dev); 490extern int br_sysfs_addbr(struct net_device *dev);
@@ -441,6 +493,7 @@ extern void br_sysfs_delbr(struct net_device *dev);
441#else 493#else
442 494
443#define br_sysfs_addif(p) (0) 495#define br_sysfs_addif(p) (0)
496#define br_sysfs_renameif(p) (0)
444#define br_sysfs_addbr(dev) (0) 497#define br_sysfs_addbr(dev) (0)
445#define br_sysfs_delbr(dev) do { } while(0) 498#define br_sysfs_delbr(dev) do { } while(0)
446#endif /* CONFIG_SYSFS */ 499#endif /* CONFIG_SYSFS */
diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c
index edcf14b560f..57186d84d2b 100644
--- a/net/bridge/br_stp.c
+++ b/net/bridge/br_stp.c
@@ -31,10 +31,9 @@ static const char *const br_port_state_names[] = {
31 31
32void br_log_state(const struct net_bridge_port *p) 32void br_log_state(const struct net_bridge_port *p)
33{ 33{
34 pr_info("%s: port %d(%s) entering %s state\n", 34 br_info(p->br, "port %u(%s) entering %s state\n",
35 p->br->dev->name, p->port_no, p->dev->name, 35 (unsigned) p->port_no, p->dev->name,
36 br_port_state_names[p->state]); 36 br_port_state_names[p->state]);
37
38} 37}
39 38
40/* called under bridge lock */ 39/* called under bridge lock */
@@ -300,7 +299,7 @@ void br_topology_change_detection(struct net_bridge *br)
300 if (br->stp_enabled != BR_KERNEL_STP) 299 if (br->stp_enabled != BR_KERNEL_STP)
301 return; 300 return;
302 301
303 pr_info("%s: topology change detected, %s\n", br->dev->name, 302 br_info(br, "topology change detected, %s\n",
304 isroot ? "propagating" : "sending tcn bpdu"); 303 isroot ? "propagating" : "sending tcn bpdu");
305 304
306 if (isroot) { 305 if (isroot) {
@@ -469,8 +468,8 @@ void br_received_config_bpdu(struct net_bridge_port *p, struct br_config_bpdu *b
469void br_received_tcn_bpdu(struct net_bridge_port *p) 468void br_received_tcn_bpdu(struct net_bridge_port *p)
470{ 469{
471 if (br_is_designated_port(p)) { 470 if (br_is_designated_port(p)) {
472 pr_info("%s: received tcn bpdu on port %i(%s)\n", 471 br_info(p->br, "port %u(%s) received tcn bpdu\n",
473 p->br->dev->name, p->port_no, p->dev->name); 472 (unsigned) p->port_no, p->dev->name);
474 473
475 br_topology_change_detection(p->br); 474 br_topology_change_detection(p->br);
476 br_topology_change_acknowledge(p); 475 br_topology_change_acknowledge(p);
diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
index d66cce11f3b..217bd225a42 100644
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -50,7 +50,7 @@ static void br_send_bpdu(struct net_bridge_port *p,
50 50
51 llc_mac_hdr_init(skb, p->dev->dev_addr, p->br->group_addr); 51 llc_mac_hdr_init(skb, p->dev->dev_addr, p->br->group_addr);
52 52
53 NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 53 NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
54 dev_queue_xmit); 54 dev_queue_xmit);
55} 55}
56 56
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index d527119e9f5..1d8826914cb 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -85,17 +85,16 @@ void br_stp_enable_port(struct net_bridge_port *p)
85{ 85{
86 br_init_port(p); 86 br_init_port(p);
87 br_port_state_selection(p->br); 87 br_port_state_selection(p->br);
88 br_log_state(p);
88} 89}
89 90
90/* called under bridge lock */ 91/* called under bridge lock */
91void br_stp_disable_port(struct net_bridge_port *p) 92void br_stp_disable_port(struct net_bridge_port *p)
92{ 93{
93 struct net_bridge *br; 94 struct net_bridge *br = p->br;
94 int wasroot; 95 int wasroot;
95 96
96 br = p->br; 97 br_log_state(p);
97 printk(KERN_INFO "%s: port %i(%s) entering %s state\n",
98 br->dev->name, p->port_no, p->dev->name, "disabled");
99 98
100 wasroot = br_is_root_bridge(br); 99 wasroot = br_is_root_bridge(br);
101 br_become_designated_port(p); 100 br_become_designated_port(p);
@@ -127,11 +126,10 @@ static void br_stp_start(struct net_bridge *br)
127 r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC); 126 r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
128 if (r == 0) { 127 if (r == 0) {
129 br->stp_enabled = BR_USER_STP; 128 br->stp_enabled = BR_USER_STP;
130 printk(KERN_INFO "%s: userspace STP started\n", br->dev->name); 129 br_debug(br, "userspace STP started\n");
131 } else { 130 } else {
132 br->stp_enabled = BR_KERNEL_STP; 131 br->stp_enabled = BR_KERNEL_STP;
133 printk(KERN_INFO "%s: starting userspace STP failed, " 132 br_debug(br, "using kernel STP\n");
134 "starting kernel STP\n", br->dev->name);
135 133
136 /* To start timers on any ports left in blocking */ 134 /* To start timers on any ports left in blocking */
137 spin_lock_bh(&br->lock); 135 spin_lock_bh(&br->lock);
@@ -148,9 +146,7 @@ static void br_stp_stop(struct net_bridge *br)
148 146
149 if (br->stp_enabled == BR_USER_STP) { 147 if (br->stp_enabled == BR_USER_STP) {
150 r = call_usermodehelper(BR_STP_PROG, argv, envp, 1); 148 r = call_usermodehelper(BR_STP_PROG, argv, envp, 1);
151 printk(KERN_INFO "%s: userspace STP stopped, return code %d\n", 149 br_info(br, "userspace STP stopped, return code %d\n", r);
152 br->dev->name, r);
153
154 150
155 /* To start timers on any ports left in blocking */ 151 /* To start timers on any ports left in blocking */
156 spin_lock_bh(&br->lock); 152 spin_lock_bh(&br->lock);
diff --git a/net/bridge/br_stp_timer.c b/net/bridge/br_stp_timer.c
index 772a140bfdf..7b22456023c 100644
--- a/net/bridge/br_stp_timer.c
+++ b/net/bridge/br_stp_timer.c
@@ -35,7 +35,7 @@ static void br_hello_timer_expired(unsigned long arg)
35{ 35{
36 struct net_bridge *br = (struct net_bridge *)arg; 36 struct net_bridge *br = (struct net_bridge *)arg;
37 37
38 pr_debug("%s: hello timer expired\n", br->dev->name); 38 br_debug(br, "hello timer expired\n");
39 spin_lock(&br->lock); 39 spin_lock(&br->lock);
40 if (br->dev->flags & IFF_UP) { 40 if (br->dev->flags & IFF_UP) {
41 br_config_bpdu_generation(br); 41 br_config_bpdu_generation(br);
@@ -55,13 +55,9 @@ static void br_message_age_timer_expired(unsigned long arg)
55 if (p->state == BR_STATE_DISABLED) 55 if (p->state == BR_STATE_DISABLED)
56 return; 56 return;
57 57
58 58 br_info(br, "port %u(%s) neighbor %.2x%.2x.%pM lost\n",
59 pr_info("%s: neighbor %.2x%.2x.%.2x:%.2x:%.2x:%.2x:%.2x:%.2x lost on port %d(%s)\n", 59 (unsigned) p->port_no, p->dev->name,
60 br->dev->name, 60 id->prio[0], id->prio[1], &id->addr);
61 id->prio[0], id->prio[1],
62 id->addr[0], id->addr[1], id->addr[2],
63 id->addr[3], id->addr[4], id->addr[5],
64 p->port_no, p->dev->name);
65 61
66 /* 62 /*
67 * According to the spec, the message age timer cannot be 63 * According to the spec, the message age timer cannot be
@@ -87,8 +83,8 @@ static void br_forward_delay_timer_expired(unsigned long arg)
87 struct net_bridge_port *p = (struct net_bridge_port *) arg; 83 struct net_bridge_port *p = (struct net_bridge_port *) arg;
88 struct net_bridge *br = p->br; 84 struct net_bridge *br = p->br;
89 85
90 pr_debug("%s: %d(%s) forward delay timer\n", 86 br_debug(br, "port %u(%s) forward delay timer\n",
91 br->dev->name, p->port_no, p->dev->name); 87 (unsigned) p->port_no, p->dev->name);
92 spin_lock(&br->lock); 88 spin_lock(&br->lock);
93 if (p->state == BR_STATE_LISTENING) { 89 if (p->state == BR_STATE_LISTENING) {
94 p->state = BR_STATE_LEARNING; 90 p->state = BR_STATE_LEARNING;
@@ -107,7 +103,7 @@ static void br_tcn_timer_expired(unsigned long arg)
107{ 103{
108 struct net_bridge *br = (struct net_bridge *) arg; 104 struct net_bridge *br = (struct net_bridge *) arg;
109 105
110 pr_debug("%s: tcn timer expired\n", br->dev->name); 106 br_debug(br, "tcn timer expired\n");
111 spin_lock(&br->lock); 107 spin_lock(&br->lock);
112 if (br->dev->flags & IFF_UP) { 108 if (br->dev->flags & IFF_UP) {
113 br_transmit_tcn(br); 109 br_transmit_tcn(br);
@@ -121,7 +117,7 @@ static void br_topology_change_timer_expired(unsigned long arg)
121{ 117{
122 struct net_bridge *br = (struct net_bridge *) arg; 118 struct net_bridge *br = (struct net_bridge *) arg;
123 119
124 pr_debug("%s: topo change timer expired\n", br->dev->name); 120 br_debug(br, "topo change timer expired\n");
125 spin_lock(&br->lock); 121 spin_lock(&br->lock);
126 br->topology_change_detected = 0; 122 br->topology_change_detected = 0;
127 br->topology_change = 0; 123 br->topology_change = 0;
@@ -132,8 +128,8 @@ static void br_hold_timer_expired(unsigned long arg)
132{ 128{
133 struct net_bridge_port *p = (struct net_bridge_port *) arg; 129 struct net_bridge_port *p = (struct net_bridge_port *) arg;
134 130
135 pr_debug("%s: %d(%s) hold timer expired\n", 131 br_debug(p->br, "port %u(%s) hold timer expired\n",
136 p->br->dev->name, p->port_no, p->dev->name); 132 (unsigned) p->port_no, p->dev->name);
137 133
138 spin_lock(&p->br->lock); 134 spin_lock(&p->br->lock);
139 if (p->config_pending) 135 if (p->config_pending)
diff --git a/net/bridge/br_sysfs_if.c b/net/bridge/br_sysfs_if.c
index 0b9916489d6..fd5799c9bc8 100644
--- a/net/bridge/br_sysfs_if.c
+++ b/net/bridge/br_sysfs_if.c
@@ -246,7 +246,7 @@ const struct sysfs_ops brport_sysfs_ops = {
246/* 246/*
247 * Add sysfs entries to ethernet device added to a bridge. 247 * Add sysfs entries to ethernet device added to a bridge.
248 * Creates a brport subdirectory with bridge attributes. 248 * Creates a brport subdirectory with bridge attributes.
249 * Puts symlink in bridge's brport subdirectory 249 * Puts symlink in bridge's brif subdirectory
250 */ 250 */
251int br_sysfs_addif(struct net_bridge_port *p) 251int br_sysfs_addif(struct net_bridge_port *p)
252{ 252{
@@ -257,15 +257,37 @@ int br_sysfs_addif(struct net_bridge_port *p)
257 err = sysfs_create_link(&p->kobj, &br->dev->dev.kobj, 257 err = sysfs_create_link(&p->kobj, &br->dev->dev.kobj,
258 SYSFS_BRIDGE_PORT_LINK); 258 SYSFS_BRIDGE_PORT_LINK);
259 if (err) 259 if (err)
260 goto out2; 260 return err;
261 261
262 for (a = brport_attrs; *a; ++a) { 262 for (a = brport_attrs; *a; ++a) {
263 err = sysfs_create_file(&p->kobj, &((*a)->attr)); 263 err = sysfs_create_file(&p->kobj, &((*a)->attr));
264 if (err) 264 if (err)
265 goto out2; 265 return err;
266 } 266 }
267 267
268 err = sysfs_create_link(br->ifobj, &p->kobj, p->dev->name); 268 strlcpy(p->sysfs_name, p->dev->name, IFNAMSIZ);
269out2: 269 return sysfs_create_link(br->ifobj, &p->kobj, p->sysfs_name);
270}
271
272/* Rename bridge's brif symlink */
273int br_sysfs_renameif(struct net_bridge_port *p)
274{
275 struct net_bridge *br = p->br;
276 int err;
277
278 /* If a rename fails, the rollback will cause another
279 * rename call with the existing name.
280 */
281 if (!strncmp(p->sysfs_name, p->dev->name, IFNAMSIZ))
282 return 0;
283
284 err = sysfs_rename_link(br->ifobj, &p->kobj,
285 p->sysfs_name, p->dev->name);
286 if (err)
287 netdev_notice(br->dev, "unable to rename link %s to %s",
288 p->sysfs_name, p->dev->name);
289 else
290 strlcpy(p->sysfs_name, p->dev->name, IFNAMSIZ);
291
270 return err; 292 return err;
271} 293}
diff --git a/net/bridge/netfilter/ebt_802_3.c b/net/bridge/netfilter/ebt_802_3.c
index 5d1176758ca..2a449b7ab8f 100644
--- a/net/bridge/netfilter/ebt_802_3.c
+++ b/net/bridge/netfilter/ebt_802_3.c
@@ -13,7 +13,7 @@
13#include <linux/netfilter_bridge/ebt_802_3.h> 13#include <linux/netfilter_bridge/ebt_802_3.h>
14 14
15static bool 15static bool
16ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par) 16ebt_802_3_mt(const struct sk_buff *skb, struct xt_action_param *par)
17{ 17{
18 const struct ebt_802_3_info *info = par->matchinfo; 18 const struct ebt_802_3_info *info = par->matchinfo;
19 const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb); 19 const struct ebt_802_3_hdr *hdr = ebt_802_3_hdr(skb);
@@ -36,14 +36,14 @@ ebt_802_3_mt(const struct sk_buff *skb, const struct xt_match_param *par)
36 return true; 36 return true;
37} 37}
38 38
39static bool ebt_802_3_mt_check(const struct xt_mtchk_param *par) 39static int ebt_802_3_mt_check(const struct xt_mtchk_param *par)
40{ 40{
41 const struct ebt_802_3_info *info = par->matchinfo; 41 const struct ebt_802_3_info *info = par->matchinfo;
42 42
43 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) 43 if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK)
44 return false; 44 return -EINVAL;
45 45
46 return true; 46 return 0;
47} 47}
48 48
49static struct xt_match ebt_802_3_mt_reg __read_mostly = { 49static struct xt_match ebt_802_3_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index b595f091f35..8b84c581be3 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -7,6 +7,7 @@
7 * August, 2003 7 * August, 2003
8 * 8 *
9 */ 9 */
10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10#include <linux/ip.h> 11#include <linux/ip.h>
11#include <linux/if_arp.h> 12#include <linux/if_arp.h>
12#include <linux/module.h> 13#include <linux/module.h>
@@ -128,7 +129,7 @@ static int get_ip_src(const struct sk_buff *skb, __be32 *addr)
128} 129}
129 130
130static bool 131static bool
131ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par) 132ebt_among_mt(const struct sk_buff *skb, struct xt_action_param *par)
132{ 133{
133 const struct ebt_among_info *info = par->matchinfo; 134 const struct ebt_among_info *info = par->matchinfo;
134 const char *dmac, *smac; 135 const char *dmac, *smac;
@@ -171,7 +172,7 @@ ebt_among_mt(const struct sk_buff *skb, const struct xt_match_param *par)
171 return true; 172 return true;
172} 173}
173 174
174static bool ebt_among_mt_check(const struct xt_mtchk_param *par) 175static int ebt_among_mt_check(const struct xt_mtchk_param *par)
175{ 176{
176 const struct ebt_among_info *info = par->matchinfo; 177 const struct ebt_among_info *info = par->matchinfo;
177 const struct ebt_entry_match *em = 178 const struct ebt_entry_match *em =
@@ -186,24 +187,20 @@ static bool ebt_among_mt_check(const struct xt_mtchk_param *par)
186 expected_length += ebt_mac_wormhash_size(wh_src); 187 expected_length += ebt_mac_wormhash_size(wh_src);
187 188
188 if (em->match_size != EBT_ALIGN(expected_length)) { 189 if (em->match_size != EBT_ALIGN(expected_length)) {
189 printk(KERN_WARNING 190 pr_info("wrong size: %d against expected %d, rounded to %Zd\n",
190 "ebtables: among: wrong size: %d " 191 em->match_size, expected_length,
191 "against expected %d, rounded to %Zd\n", 192 EBT_ALIGN(expected_length));
192 em->match_size, expected_length, 193 return -EINVAL;
193 EBT_ALIGN(expected_length));
194 return false;
195 } 194 }
196 if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) { 195 if (wh_dst && (err = ebt_mac_wormhash_check_integrity(wh_dst))) {
197 printk(KERN_WARNING 196 pr_info("dst integrity fail: %x\n", -err);
198 "ebtables: among: dst integrity fail: %x\n", -err); 197 return -EINVAL;
199 return false;
200 } 198 }
201 if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) { 199 if (wh_src && (err = ebt_mac_wormhash_check_integrity(wh_src))) {
202 printk(KERN_WARNING 200 pr_info("src integrity fail: %x\n", -err);
203 "ebtables: among: src integrity fail: %x\n", -err); 201 return -EINVAL;
204 return false;
205 } 202 }
206 return true; 203 return 0;
207} 204}
208 205
209static struct xt_match ebt_among_mt_reg __read_mostly = { 206static struct xt_match ebt_among_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_arp.c b/net/bridge/netfilter/ebt_arp.c
index e727697c584..cd457b891b2 100644
--- a/net/bridge/netfilter/ebt_arp.c
+++ b/net/bridge/netfilter/ebt_arp.c
@@ -16,7 +16,7 @@
16#include <linux/netfilter_bridge/ebt_arp.h> 16#include <linux/netfilter_bridge/ebt_arp.h>
17 17
18static bool 18static bool
19ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par) 19ebt_arp_mt(const struct sk_buff *skb, struct xt_action_param *par)
20{ 20{
21 const struct ebt_arp_info *info = par->matchinfo; 21 const struct ebt_arp_info *info = par->matchinfo;
22 const struct arphdr *ah; 22 const struct arphdr *ah;
@@ -100,7 +100,7 @@ ebt_arp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
100 return true; 100 return true;
101} 101}
102 102
103static bool ebt_arp_mt_check(const struct xt_mtchk_param *par) 103static int ebt_arp_mt_check(const struct xt_mtchk_param *par)
104{ 104{
105 const struct ebt_arp_info *info = par->matchinfo; 105 const struct ebt_arp_info *info = par->matchinfo;
106 const struct ebt_entry *e = par->entryinfo; 106 const struct ebt_entry *e = par->entryinfo;
@@ -108,10 +108,10 @@ static bool ebt_arp_mt_check(const struct xt_mtchk_param *par)
108 if ((e->ethproto != htons(ETH_P_ARP) && 108 if ((e->ethproto != htons(ETH_P_ARP) &&
109 e->ethproto != htons(ETH_P_RARP)) || 109 e->ethproto != htons(ETH_P_RARP)) ||
110 e->invflags & EBT_IPROTO) 110 e->invflags & EBT_IPROTO)
111 return false; 111 return -EINVAL;
112 if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) 112 if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK)
113 return false; 113 return -EINVAL;
114 return true; 114 return 0;
115} 115}
116 116
117static struct xt_match ebt_arp_mt_reg __read_mostly = { 117static struct xt_match ebt_arp_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_arpreply.c b/net/bridge/netfilter/ebt_arpreply.c
index f392e9d93f5..070cf134a22 100644
--- a/net/bridge/netfilter/ebt_arpreply.c
+++ b/net/bridge/netfilter/ebt_arpreply.c
@@ -16,7 +16,7 @@
16#include <linux/netfilter_bridge/ebt_arpreply.h> 16#include <linux/netfilter_bridge/ebt_arpreply.h>
17 17
18static unsigned int 18static unsigned int
19ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par) 19ebt_arpreply_tg(struct sk_buff *skb, const struct xt_action_param *par)
20{ 20{
21 const struct ebt_arpreply_info *info = par->targinfo; 21 const struct ebt_arpreply_info *info = par->targinfo;
22 const __be32 *siptr, *diptr; 22 const __be32 *siptr, *diptr;
@@ -57,17 +57,17 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct xt_target_param *par)
57 return info->target; 57 return info->target;
58} 58}
59 59
60static bool ebt_arpreply_tg_check(const struct xt_tgchk_param *par) 60static int ebt_arpreply_tg_check(const struct xt_tgchk_param *par)
61{ 61{
62 const struct ebt_arpreply_info *info = par->targinfo; 62 const struct ebt_arpreply_info *info = par->targinfo;
63 const struct ebt_entry *e = par->entryinfo; 63 const struct ebt_entry *e = par->entryinfo;
64 64
65 if (BASE_CHAIN && info->target == EBT_RETURN) 65 if (BASE_CHAIN && info->target == EBT_RETURN)
66 return false; 66 return -EINVAL;
67 if (e->ethproto != htons(ETH_P_ARP) || 67 if (e->ethproto != htons(ETH_P_ARP) ||
68 e->invflags & EBT_IPROTO) 68 e->invflags & EBT_IPROTO)
69 return false; 69 return -EINVAL;
70 return true; 70 return 0;
71} 71}
72 72
73static struct xt_target ebt_arpreply_tg_reg __read_mostly = { 73static struct xt_target ebt_arpreply_tg_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index 2bb40d728a3..c59f7bfae6e 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -15,7 +15,7 @@
15#include <linux/netfilter_bridge/ebt_nat.h> 15#include <linux/netfilter_bridge/ebt_nat.h>
16 16
17static unsigned int 17static unsigned int
18ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par) 18ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par)
19{ 19{
20 const struct ebt_nat_info *info = par->targinfo; 20 const struct ebt_nat_info *info = par->targinfo;
21 21
@@ -26,13 +26,13 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_target_param *par)
26 return info->target; 26 return info->target;
27} 27}
28 28
29static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par) 29static int ebt_dnat_tg_check(const struct xt_tgchk_param *par)
30{ 30{
31 const struct ebt_nat_info *info = par->targinfo; 31 const struct ebt_nat_info *info = par->targinfo;
32 unsigned int hook_mask; 32 unsigned int hook_mask;
33 33
34 if (BASE_CHAIN && info->target == EBT_RETURN) 34 if (BASE_CHAIN && info->target == EBT_RETURN)
35 return false; 35 return -EINVAL;
36 36
37 hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); 37 hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
38 if ((strcmp(par->table, "nat") != 0 || 38 if ((strcmp(par->table, "nat") != 0 ||
@@ -40,10 +40,10 @@ static bool ebt_dnat_tg_check(const struct xt_tgchk_param *par)
40 (1 << NF_BR_LOCAL_OUT)))) && 40 (1 << NF_BR_LOCAL_OUT)))) &&
41 (strcmp(par->table, "broute") != 0 || 41 (strcmp(par->table, "broute") != 0 ||
42 hook_mask & ~(1 << NF_BR_BROUTING))) 42 hook_mask & ~(1 << NF_BR_BROUTING)))
43 return false; 43 return -EINVAL;
44 if (INVALID_TARGET) 44 if (INVALID_TARGET)
45 return false; 45 return -EINVAL;
46 return true; 46 return 0;
47} 47}
48 48
49static struct xt_target ebt_dnat_tg_reg __read_mostly = { 49static struct xt_target ebt_dnat_tg_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ip.c b/net/bridge/netfilter/ebt_ip.c
index 5de6df6f86b..23bca62d58d 100644
--- a/net/bridge/netfilter/ebt_ip.c
+++ b/net/bridge/netfilter/ebt_ip.c
@@ -25,7 +25,7 @@ struct tcpudphdr {
25}; 25};
26 26
27static bool 27static bool
28ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par) 28ebt_ip_mt(const struct sk_buff *skb, struct xt_action_param *par)
29{ 29{
30 const struct ebt_ip_info *info = par->matchinfo; 30 const struct ebt_ip_info *info = par->matchinfo;
31 const struct iphdr *ih; 31 const struct iphdr *ih;
@@ -77,31 +77,31 @@ ebt_ip_mt(const struct sk_buff *skb, const struct xt_match_param *par)
77 return true; 77 return true;
78} 78}
79 79
80static bool ebt_ip_mt_check(const struct xt_mtchk_param *par) 80static int ebt_ip_mt_check(const struct xt_mtchk_param *par)
81{ 81{
82 const struct ebt_ip_info *info = par->matchinfo; 82 const struct ebt_ip_info *info = par->matchinfo;
83 const struct ebt_entry *e = par->entryinfo; 83 const struct ebt_entry *e = par->entryinfo;
84 84
85 if (e->ethproto != htons(ETH_P_IP) || 85 if (e->ethproto != htons(ETH_P_IP) ||
86 e->invflags & EBT_IPROTO) 86 e->invflags & EBT_IPROTO)
87 return false; 87 return -EINVAL;
88 if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK) 88 if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK)
89 return false; 89 return -EINVAL;
90 if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) { 90 if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) {
91 if (info->invflags & EBT_IP_PROTO) 91 if (info->invflags & EBT_IP_PROTO)
92 return false; 92 return -EINVAL;
93 if (info->protocol != IPPROTO_TCP && 93 if (info->protocol != IPPROTO_TCP &&
94 info->protocol != IPPROTO_UDP && 94 info->protocol != IPPROTO_UDP &&
95 info->protocol != IPPROTO_UDPLITE && 95 info->protocol != IPPROTO_UDPLITE &&
96 info->protocol != IPPROTO_SCTP && 96 info->protocol != IPPROTO_SCTP &&
97 info->protocol != IPPROTO_DCCP) 97 info->protocol != IPPROTO_DCCP)
98 return false; 98 return -EINVAL;
99 } 99 }
100 if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) 100 if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1])
101 return false; 101 return -EINVAL;
102 if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) 102 if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1])
103 return false; 103 return -EINVAL;
104 return true; 104 return 0;
105} 105}
106 106
107static struct xt_match ebt_ip_mt_reg __read_mostly = { 107static struct xt_match ebt_ip_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ip6.c b/net/bridge/netfilter/ebt_ip6.c
index bbf2534ef02..50a46afc2bc 100644
--- a/net/bridge/netfilter/ebt_ip6.c
+++ b/net/bridge/netfilter/ebt_ip6.c
@@ -4,7 +4,7 @@
4 * Authors: 4 * Authors:
5 * Manohar Castelino <manohar.r.castelino@intel.com> 5 * Manohar Castelino <manohar.r.castelino@intel.com>
6 * Kuo-Lang Tseng <kuo-lang.tseng@intel.com> 6 * Kuo-Lang Tseng <kuo-lang.tseng@intel.com>
7 * Jan Engelhardt <jengelh@computergmbh.de> 7 * Jan Engelhardt <jengelh@medozas.de>
8 * 8 *
9 * Summary: 9 * Summary:
10 * This is just a modification of the IPv4 code written by 10 * This is just a modification of the IPv4 code written by
@@ -28,15 +28,13 @@ struct tcpudphdr {
28}; 28};
29 29
30static bool 30static bool
31ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par) 31ebt_ip6_mt(const struct sk_buff *skb, struct xt_action_param *par)
32{ 32{
33 const struct ebt_ip6_info *info = par->matchinfo; 33 const struct ebt_ip6_info *info = par->matchinfo;
34 const struct ipv6hdr *ih6; 34 const struct ipv6hdr *ih6;
35 struct ipv6hdr _ip6h; 35 struct ipv6hdr _ip6h;
36 const struct tcpudphdr *pptr; 36 const struct tcpudphdr *pptr;
37 struct tcpudphdr _ports; 37 struct tcpudphdr _ports;
38 struct in6_addr tmp_addr;
39 int i;
40 38
41 ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h); 39 ih6 = skb_header_pointer(skb, 0, sizeof(_ip6h), &_ip6h);
42 if (ih6 == NULL) 40 if (ih6 == NULL)
@@ -44,18 +42,10 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
44 if (info->bitmask & EBT_IP6_TCLASS && 42 if (info->bitmask & EBT_IP6_TCLASS &&
45 FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS)) 43 FWINV(info->tclass != ipv6_get_dsfield(ih6), EBT_IP6_TCLASS))
46 return false; 44 return false;
47 for (i = 0; i < 4; i++) 45 if (FWINV(ipv6_masked_addr_cmp(&ih6->saddr, &info->smsk,
48 tmp_addr.in6_u.u6_addr32[i] = ih6->saddr.in6_u.u6_addr32[i] & 46 &info->saddr), EBT_IP6_SOURCE) ||
49 info->smsk.in6_u.u6_addr32[i]; 47 FWINV(ipv6_masked_addr_cmp(&ih6->daddr, &info->dmsk,
50 if (info->bitmask & EBT_IP6_SOURCE && 48 &info->daddr), EBT_IP6_DEST))
51 FWINV((ipv6_addr_cmp(&tmp_addr, &info->saddr) != 0),
52 EBT_IP6_SOURCE))
53 return false;
54 for (i = 0; i < 4; i++)
55 tmp_addr.in6_u.u6_addr32[i] = ih6->daddr.in6_u.u6_addr32[i] &
56 info->dmsk.in6_u.u6_addr32[i];
57 if (info->bitmask & EBT_IP6_DEST &&
58 FWINV((ipv6_addr_cmp(&tmp_addr, &info->daddr) != 0), EBT_IP6_DEST))
59 return false; 49 return false;
60 if (info->bitmask & EBT_IP6_PROTO) { 50 if (info->bitmask & EBT_IP6_PROTO) {
61 uint8_t nexthdr = ih6->nexthdr; 51 uint8_t nexthdr = ih6->nexthdr;
@@ -90,30 +80,30 @@ ebt_ip6_mt(const struct sk_buff *skb, const struct xt_match_param *par)
90 return true; 80 return true;
91} 81}
92 82
93static bool ebt_ip6_mt_check(const struct xt_mtchk_param *par) 83static int ebt_ip6_mt_check(const struct xt_mtchk_param *par)
94{ 84{
95 const struct ebt_entry *e = par->entryinfo; 85 const struct ebt_entry *e = par->entryinfo;
96 struct ebt_ip6_info *info = par->matchinfo; 86 struct ebt_ip6_info *info = par->matchinfo;
97 87
98 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO) 88 if (e->ethproto != htons(ETH_P_IPV6) || e->invflags & EBT_IPROTO)
99 return false; 89 return -EINVAL;
100 if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK) 90 if (info->bitmask & ~EBT_IP6_MASK || info->invflags & ~EBT_IP6_MASK)
101 return false; 91 return -EINVAL;
102 if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) { 92 if (info->bitmask & (EBT_IP6_DPORT | EBT_IP6_SPORT)) {
103 if (info->invflags & EBT_IP6_PROTO) 93 if (info->invflags & EBT_IP6_PROTO)
104 return false; 94 return -EINVAL;
105 if (info->protocol != IPPROTO_TCP && 95 if (info->protocol != IPPROTO_TCP &&
106 info->protocol != IPPROTO_UDP && 96 info->protocol != IPPROTO_UDP &&
107 info->protocol != IPPROTO_UDPLITE && 97 info->protocol != IPPROTO_UDPLITE &&
108 info->protocol != IPPROTO_SCTP && 98 info->protocol != IPPROTO_SCTP &&
109 info->protocol != IPPROTO_DCCP) 99 info->protocol != IPPROTO_DCCP)
110 return false; 100 return -EINVAL;
111 } 101 }
112 if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1]) 102 if (info->bitmask & EBT_IP6_DPORT && info->dport[0] > info->dport[1])
113 return false; 103 return -EINVAL;
114 if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1]) 104 if (info->bitmask & EBT_IP6_SPORT && info->sport[0] > info->sport[1])
115 return false; 105 return -EINVAL;
116 return true; 106 return 0;
117} 107}
118 108
119static struct xt_match ebt_ip6_mt_reg __read_mostly = { 109static struct xt_match ebt_ip6_mt_reg __read_mostly = {
@@ -139,4 +129,5 @@ static void __exit ebt_ip6_fini(void)
139module_init(ebt_ip6_init); 129module_init(ebt_ip6_init);
140module_exit(ebt_ip6_fini); 130module_exit(ebt_ip6_fini);
141MODULE_DESCRIPTION("Ebtables: IPv6 protocol packet match"); 131MODULE_DESCRIPTION("Ebtables: IPv6 protocol packet match");
132MODULE_AUTHOR("Kuo-Lang Tseng <kuo-lang.tseng@intel.com>");
142MODULE_LICENSE("GPL"); 133MODULE_LICENSE("GPL");
diff --git a/net/bridge/netfilter/ebt_limit.c b/net/bridge/netfilter/ebt_limit.c
index 7a8182710eb..517e78befcb 100644
--- a/net/bridge/netfilter/ebt_limit.c
+++ b/net/bridge/netfilter/ebt_limit.c
@@ -10,6 +10,7 @@
10 * September, 2003 10 * September, 2003
11 * 11 *
12 */ 12 */
13#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
13#include <linux/module.h> 14#include <linux/module.h>
14#include <linux/netdevice.h> 15#include <linux/netdevice.h>
15#include <linux/spinlock.h> 16#include <linux/spinlock.h>
@@ -31,7 +32,7 @@ static DEFINE_SPINLOCK(limit_lock);
31#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ) 32#define CREDITS_PER_JIFFY POW2_BELOW32(MAX_CPJ)
32 33
33static bool 34static bool
34ebt_limit_mt(const struct sk_buff *skb, const struct xt_match_param *par) 35ebt_limit_mt(const struct sk_buff *skb, struct xt_action_param *par)
35{ 36{
36 struct ebt_limit_info *info = (void *)par->matchinfo; 37 struct ebt_limit_info *info = (void *)par->matchinfo;
37 unsigned long now = jiffies; 38 unsigned long now = jiffies;
@@ -64,16 +65,16 @@ user2credits(u_int32_t user)
64 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE; 65 return (user * HZ * CREDITS_PER_JIFFY) / EBT_LIMIT_SCALE;
65} 66}
66 67
67static bool ebt_limit_mt_check(const struct xt_mtchk_param *par) 68static int ebt_limit_mt_check(const struct xt_mtchk_param *par)
68{ 69{
69 struct ebt_limit_info *info = par->matchinfo; 70 struct ebt_limit_info *info = par->matchinfo;
70 71
71 /* Check for overflow. */ 72 /* Check for overflow. */
72 if (info->burst == 0 || 73 if (info->burst == 0 ||
73 user2credits(info->avg * info->burst) < user2credits(info->avg)) { 74 user2credits(info->avg * info->burst) < user2credits(info->avg)) {
74 printk("Overflow in ebt_limit, try lower: %u/%u\n", 75 pr_info("overflow, try lower: %u/%u\n",
75 info->avg, info->burst); 76 info->avg, info->burst);
76 return false; 77 return -EINVAL;
77 } 78 }
78 79
79 /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */ 80 /* User avg in seconds * EBT_LIMIT_SCALE: convert to jiffies * 128. */
@@ -81,7 +82,7 @@ static bool ebt_limit_mt_check(const struct xt_mtchk_param *par)
81 info->credit = user2credits(info->avg * info->burst); 82 info->credit = user2credits(info->avg * info->burst);
82 info->credit_cap = user2credits(info->avg * info->burst); 83 info->credit_cap = user2credits(info->avg * info->burst);
83 info->cost = user2credits(info->avg); 84 info->cost = user2credits(info->avg);
84 return true; 85 return 0;
85} 86}
86 87
87 88
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index e873924ddb5..6e5a8bb9b94 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -24,16 +24,16 @@
24 24
25static DEFINE_SPINLOCK(ebt_log_lock); 25static DEFINE_SPINLOCK(ebt_log_lock);
26 26
27static bool ebt_log_tg_check(const struct xt_tgchk_param *par) 27static int ebt_log_tg_check(const struct xt_tgchk_param *par)
28{ 28{
29 struct ebt_log_info *info = par->targinfo; 29 struct ebt_log_info *info = par->targinfo;
30 30
31 if (info->bitmask & ~EBT_LOG_MASK) 31 if (info->bitmask & ~EBT_LOG_MASK)
32 return false; 32 return -EINVAL;
33 if (info->loglevel >= 8) 33 if (info->loglevel >= 8)
34 return false; 34 return -EINVAL;
35 info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; 35 info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0';
36 return true; 36 return 0;
37} 37}
38 38
39struct tcpudphdr 39struct tcpudphdr
@@ -171,7 +171,7 @@ out:
171} 171}
172 172
173static unsigned int 173static unsigned int
174ebt_log_tg(struct sk_buff *skb, const struct xt_target_param *par) 174ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par)
175{ 175{
176 const struct ebt_log_info *info = par->targinfo; 176 const struct ebt_log_info *info = par->targinfo;
177 struct nf_loginfo li; 177 struct nf_loginfo li;
diff --git a/net/bridge/netfilter/ebt_mark.c b/net/bridge/netfilter/ebt_mark.c
index 2b5ce533d6b..66697cbd0a8 100644
--- a/net/bridge/netfilter/ebt_mark.c
+++ b/net/bridge/netfilter/ebt_mark.c
@@ -19,7 +19,7 @@
19#include <linux/netfilter_bridge/ebt_mark_t.h> 19#include <linux/netfilter_bridge/ebt_mark_t.h>
20 20
21static unsigned int 21static unsigned int
22ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par) 22ebt_mark_tg(struct sk_buff *skb, const struct xt_action_param *par)
23{ 23{
24 const struct ebt_mark_t_info *info = par->targinfo; 24 const struct ebt_mark_t_info *info = par->targinfo;
25 int action = info->target & -16; 25 int action = info->target & -16;
@@ -36,21 +36,21 @@ ebt_mark_tg(struct sk_buff *skb, const struct xt_target_param *par)
36 return info->target | ~EBT_VERDICT_BITS; 36 return info->target | ~EBT_VERDICT_BITS;
37} 37}
38 38
39static bool ebt_mark_tg_check(const struct xt_tgchk_param *par) 39static int ebt_mark_tg_check(const struct xt_tgchk_param *par)
40{ 40{
41 const struct ebt_mark_t_info *info = par->targinfo; 41 const struct ebt_mark_t_info *info = par->targinfo;
42 int tmp; 42 int tmp;
43 43
44 tmp = info->target | ~EBT_VERDICT_BITS; 44 tmp = info->target | ~EBT_VERDICT_BITS;
45 if (BASE_CHAIN && tmp == EBT_RETURN) 45 if (BASE_CHAIN && tmp == EBT_RETURN)
46 return false; 46 return -EINVAL;
47 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) 47 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
48 return false; 48 return -EINVAL;
49 tmp = info->target & ~EBT_VERDICT_BITS; 49 tmp = info->target & ~EBT_VERDICT_BITS;
50 if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE && 50 if (tmp != MARK_SET_VALUE && tmp != MARK_OR_VALUE &&
51 tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE) 51 tmp != MARK_AND_VALUE && tmp != MARK_XOR_VALUE)
52 return false; 52 return -EINVAL;
53 return true; 53 return 0;
54} 54}
55#ifdef CONFIG_COMPAT 55#ifdef CONFIG_COMPAT
56struct compat_ebt_mark_t_info { 56struct compat_ebt_mark_t_info {
diff --git a/net/bridge/netfilter/ebt_mark_m.c b/net/bridge/netfilter/ebt_mark_m.c
index 8de8c396d91..d98baefc4c7 100644
--- a/net/bridge/netfilter/ebt_mark_m.c
+++ b/net/bridge/netfilter/ebt_mark_m.c
@@ -13,7 +13,7 @@
13#include <linux/netfilter_bridge/ebt_mark_m.h> 13#include <linux/netfilter_bridge/ebt_mark_m.h>
14 14
15static bool 15static bool
16ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par) 16ebt_mark_mt(const struct sk_buff *skb, struct xt_action_param *par)
17{ 17{
18 const struct ebt_mark_m_info *info = par->matchinfo; 18 const struct ebt_mark_m_info *info = par->matchinfo;
19 19
@@ -22,17 +22,17 @@ ebt_mark_mt(const struct sk_buff *skb, const struct xt_match_param *par)
22 return ((skb->mark & info->mask) == info->mark) ^ info->invert; 22 return ((skb->mark & info->mask) == info->mark) ^ info->invert;
23} 23}
24 24
25static bool ebt_mark_mt_check(const struct xt_mtchk_param *par) 25static int ebt_mark_mt_check(const struct xt_mtchk_param *par)
26{ 26{
27 const struct ebt_mark_m_info *info = par->matchinfo; 27 const struct ebt_mark_m_info *info = par->matchinfo;
28 28
29 if (info->bitmask & ~EBT_MARK_MASK) 29 if (info->bitmask & ~EBT_MARK_MASK)
30 return false; 30 return -EINVAL;
31 if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) 31 if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND))
32 return false; 32 return -EINVAL;
33 if (!info->bitmask) 33 if (!info->bitmask)
34 return false; 34 return -EINVAL;
35 return true; 35 return 0;
36} 36}
37 37
38 38
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
index 40dbd248b9a..5be68bbcc34 100644
--- a/net/bridge/netfilter/ebt_nflog.c
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -20,7 +20,7 @@
20#include <net/netfilter/nf_log.h> 20#include <net/netfilter/nf_log.h>
21 21
22static unsigned int 22static unsigned int
23ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par) 23ebt_nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
24{ 24{
25 const struct ebt_nflog_info *info = par->targinfo; 25 const struct ebt_nflog_info *info = par->targinfo;
26 struct nf_loginfo li; 26 struct nf_loginfo li;
@@ -35,14 +35,14 @@ ebt_nflog_tg(struct sk_buff *skb, const struct xt_target_param *par)
35 return EBT_CONTINUE; 35 return EBT_CONTINUE;
36} 36}
37 37
38static bool ebt_nflog_tg_check(const struct xt_tgchk_param *par) 38static int ebt_nflog_tg_check(const struct xt_tgchk_param *par)
39{ 39{
40 struct ebt_nflog_info *info = par->targinfo; 40 struct ebt_nflog_info *info = par->targinfo;
41 41
42 if (info->flags & ~EBT_NFLOG_MASK) 42 if (info->flags & ~EBT_NFLOG_MASK)
43 return false; 43 return -EINVAL;
44 info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; 44 info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';
45 return true; 45 return 0;
46} 46}
47 47
48static struct xt_target ebt_nflog_tg_reg __read_mostly = { 48static struct xt_target ebt_nflog_tg_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_pkttype.c b/net/bridge/netfilter/ebt_pkttype.c
index e2a07e6cbef..496a5651530 100644
--- a/net/bridge/netfilter/ebt_pkttype.c
+++ b/net/bridge/netfilter/ebt_pkttype.c
@@ -13,21 +13,21 @@
13#include <linux/netfilter_bridge/ebt_pkttype.h> 13#include <linux/netfilter_bridge/ebt_pkttype.h>
14 14
15static bool 15static bool
16ebt_pkttype_mt(const struct sk_buff *skb, const struct xt_match_param *par) 16ebt_pkttype_mt(const struct sk_buff *skb, struct xt_action_param *par)
17{ 17{
18 const struct ebt_pkttype_info *info = par->matchinfo; 18 const struct ebt_pkttype_info *info = par->matchinfo;
19 19
20 return (skb->pkt_type == info->pkt_type) ^ info->invert; 20 return (skb->pkt_type == info->pkt_type) ^ info->invert;
21} 21}
22 22
23static bool ebt_pkttype_mt_check(const struct xt_mtchk_param *par) 23static int ebt_pkttype_mt_check(const struct xt_mtchk_param *par)
24{ 24{
25 const struct ebt_pkttype_info *info = par->matchinfo; 25 const struct ebt_pkttype_info *info = par->matchinfo;
26 26
27 if (info->invert != 0 && info->invert != 1) 27 if (info->invert != 0 && info->invert != 1)
28 return false; 28 return -EINVAL;
29 /* Allow any pkt_type value */ 29 /* Allow any pkt_type value */
30 return true; 30 return 0;
31} 31}
32 32
33static struct xt_match ebt_pkttype_mt_reg __read_mostly = { 33static struct xt_match ebt_pkttype_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_redirect.c b/net/bridge/netfilter/ebt_redirect.c
index 9be8fbcd370..9e19166ba45 100644
--- a/net/bridge/netfilter/ebt_redirect.c
+++ b/net/bridge/netfilter/ebt_redirect.c
@@ -16,7 +16,7 @@
16#include <linux/netfilter_bridge/ebt_redirect.h> 16#include <linux/netfilter_bridge/ebt_redirect.h>
17 17
18static unsigned int 18static unsigned int
19ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par) 19ebt_redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
20{ 20{
21 const struct ebt_redirect_info *info = par->targinfo; 21 const struct ebt_redirect_info *info = par->targinfo;
22 22
@@ -32,23 +32,23 @@ ebt_redirect_tg(struct sk_buff *skb, const struct xt_target_param *par)
32 return info->target; 32 return info->target;
33} 33}
34 34
35static bool ebt_redirect_tg_check(const struct xt_tgchk_param *par) 35static int ebt_redirect_tg_check(const struct xt_tgchk_param *par)
36{ 36{
37 const struct ebt_redirect_info *info = par->targinfo; 37 const struct ebt_redirect_info *info = par->targinfo;
38 unsigned int hook_mask; 38 unsigned int hook_mask;
39 39
40 if (BASE_CHAIN && info->target == EBT_RETURN) 40 if (BASE_CHAIN && info->target == EBT_RETURN)
41 return false; 41 return -EINVAL;
42 42
43 hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS); 43 hook_mask = par->hook_mask & ~(1 << NF_BR_NUMHOOKS);
44 if ((strcmp(par->table, "nat") != 0 || 44 if ((strcmp(par->table, "nat") != 0 ||
45 hook_mask & ~(1 << NF_BR_PRE_ROUTING)) && 45 hook_mask & ~(1 << NF_BR_PRE_ROUTING)) &&
46 (strcmp(par->table, "broute") != 0 || 46 (strcmp(par->table, "broute") != 0 ||
47 hook_mask & ~(1 << NF_BR_BROUTING))) 47 hook_mask & ~(1 << NF_BR_BROUTING)))
48 return false; 48 return -EINVAL;
49 if (INVALID_TARGET) 49 if (INVALID_TARGET)
50 return false; 50 return -EINVAL;
51 return true; 51 return 0;
52} 52}
53 53
54static struct xt_target ebt_redirect_tg_reg __read_mostly = { 54static struct xt_target ebt_redirect_tg_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_snat.c b/net/bridge/netfilter/ebt_snat.c
index 9c7b520765a..f8f0bd1a1d5 100644
--- a/net/bridge/netfilter/ebt_snat.c
+++ b/net/bridge/netfilter/ebt_snat.c
@@ -17,7 +17,7 @@
17#include <linux/netfilter_bridge/ebt_nat.h> 17#include <linux/netfilter_bridge/ebt_nat.h>
18 18
19static unsigned int 19static unsigned int
20ebt_snat_tg(struct sk_buff *skb, const struct xt_target_param *par) 20ebt_snat_tg(struct sk_buff *skb, const struct xt_action_param *par)
21{ 21{
22 const struct ebt_nat_info *info = par->targinfo; 22 const struct ebt_nat_info *info = par->targinfo;
23 23
@@ -42,21 +42,21 @@ out:
42 return info->target | ~EBT_VERDICT_BITS; 42 return info->target | ~EBT_VERDICT_BITS;
43} 43}
44 44
45static bool ebt_snat_tg_check(const struct xt_tgchk_param *par) 45static int ebt_snat_tg_check(const struct xt_tgchk_param *par)
46{ 46{
47 const struct ebt_nat_info *info = par->targinfo; 47 const struct ebt_nat_info *info = par->targinfo;
48 int tmp; 48 int tmp;
49 49
50 tmp = info->target | ~EBT_VERDICT_BITS; 50 tmp = info->target | ~EBT_VERDICT_BITS;
51 if (BASE_CHAIN && tmp == EBT_RETURN) 51 if (BASE_CHAIN && tmp == EBT_RETURN)
52 return false; 52 return -EINVAL;
53 53
54 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0) 54 if (tmp < -NUM_STANDARD_TARGETS || tmp >= 0)
55 return false; 55 return -EINVAL;
56 tmp = info->target | EBT_VERDICT_BITS; 56 tmp = info->target | EBT_VERDICT_BITS;
57 if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT) 57 if ((tmp & ~NAT_ARP_BIT) != ~NAT_ARP_BIT)
58 return false; 58 return -EINVAL;
59 return true; 59 return 0;
60} 60}
61 61
62static struct xt_target ebt_snat_tg_reg __read_mostly = { 62static struct xt_target ebt_snat_tg_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_stp.c b/net/bridge/netfilter/ebt_stp.c
index 92a93d36376..5b33a2e634a 100644
--- a/net/bridge/netfilter/ebt_stp.c
+++ b/net/bridge/netfilter/ebt_stp.c
@@ -120,7 +120,7 @@ static bool ebt_filter_config(const struct ebt_stp_info *info,
120} 120}
121 121
122static bool 122static bool
123ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par) 123ebt_stp_mt(const struct sk_buff *skb, struct xt_action_param *par)
124{ 124{
125 const struct ebt_stp_info *info = par->matchinfo; 125 const struct ebt_stp_info *info = par->matchinfo;
126 const struct stp_header *sp; 126 const struct stp_header *sp;
@@ -153,7 +153,7 @@ ebt_stp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
153 return true; 153 return true;
154} 154}
155 155
156static bool ebt_stp_mt_check(const struct xt_mtchk_param *par) 156static int ebt_stp_mt_check(const struct xt_mtchk_param *par)
157{ 157{
158 const struct ebt_stp_info *info = par->matchinfo; 158 const struct ebt_stp_info *info = par->matchinfo;
159 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00}; 159 const uint8_t bridge_ula[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x00};
@@ -162,13 +162,13 @@ static bool ebt_stp_mt_check(const struct xt_mtchk_param *par)
162 162
163 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || 163 if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK ||
164 !(info->bitmask & EBT_STP_MASK)) 164 !(info->bitmask & EBT_STP_MASK))
165 return false; 165 return -EINVAL;
166 /* Make sure the match only receives stp frames */ 166 /* Make sure the match only receives stp frames */
167 if (compare_ether_addr(e->destmac, bridge_ula) || 167 if (compare_ether_addr(e->destmac, bridge_ula) ||
168 compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC)) 168 compare_ether_addr(e->destmsk, msk) || !(e->bitmask & EBT_DESTMAC))
169 return false; 169 return -EINVAL;
170 170
171 return true; 171 return 0;
172} 172}
173 173
174static struct xt_match ebt_stp_mt_reg __read_mostly = { 174static struct xt_match ebt_stp_mt_reg __read_mostly = {
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index f9560f3dbdc..ae3c7cef148 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -27,7 +27,7 @@
27 * flushed even if it is not full yet. 27 * flushed even if it is not full yet.
28 * 28 *
29 */ 29 */
30 30#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
31#include <linux/module.h> 31#include <linux/module.h>
32#include <linux/slab.h> 32#include <linux/slab.h>
33#include <linux/spinlock.h> 33#include <linux/spinlock.h>
@@ -44,9 +44,6 @@
44#include <net/sock.h> 44#include <net/sock.h>
45#include "../br_private.h" 45#include "../br_private.h"
46 46
47#define PRINTR(format, args...) do { if (net_ratelimit()) \
48 printk(format , ## args); } while (0)
49
50static unsigned int nlbufsiz = NLMSG_GOODSIZE; 47static unsigned int nlbufsiz = NLMSG_GOODSIZE;
51module_param(nlbufsiz, uint, 0600); 48module_param(nlbufsiz, uint, 0600);
52MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) " 49MODULE_PARM_DESC(nlbufsiz, "netlink buffer size (number of bytes) "
@@ -107,15 +104,14 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
107 n = max(size, nlbufsiz); 104 n = max(size, nlbufsiz);
108 skb = alloc_skb(n, GFP_ATOMIC); 105 skb = alloc_skb(n, GFP_ATOMIC);
109 if (!skb) { 106 if (!skb) {
110 PRINTR(KERN_ERR "ebt_ulog: can't alloc whole buffer " 107 pr_debug("cannot alloc whole buffer of size %ub!\n", n);
111 "of size %ub!\n", n);
112 if (n > size) { 108 if (n > size) {
113 /* try to allocate only as much as we need for 109 /* try to allocate only as much as we need for
114 * current packet */ 110 * current packet */
115 skb = alloc_skb(size, GFP_ATOMIC); 111 skb = alloc_skb(size, GFP_ATOMIC);
116 if (!skb) 112 if (!skb)
117 PRINTR(KERN_ERR "ebt_ulog: can't even allocate " 113 pr_debug("cannot even allocate "
118 "buffer of size %ub\n", size); 114 "buffer of size %ub\n", size);
119 } 115 }
120 } 116 }
121 117
@@ -142,8 +138,7 @@ static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
142 138
143 size = NLMSG_SPACE(sizeof(*pm) + copy_len); 139 size = NLMSG_SPACE(sizeof(*pm) + copy_len);
144 if (size > nlbufsiz) { 140 if (size > nlbufsiz) {
145 PRINTR("ebt_ulog: Size %Zd needed, but nlbufsiz=%d\n", 141 pr_debug("Size %Zd needed, but nlbufsiz=%d\n", size, nlbufsiz);
146 size, nlbufsiz);
147 return; 142 return;
148 } 143 }
149 144
@@ -217,8 +212,8 @@ unlock:
217 return; 212 return;
218 213
219nlmsg_failure: 214nlmsg_failure:
220 printk(KERN_CRIT "ebt_ulog: error during NLMSG_PUT. This should " 215 pr_debug("error during NLMSG_PUT. This should "
221 "not happen, please report to author.\n"); 216 "not happen, please report to author.\n");
222 goto unlock; 217 goto unlock;
223alloc_failure: 218alloc_failure:
224 goto unlock; 219 goto unlock;
@@ -248,26 +243,26 @@ static void ebt_log_packet(u_int8_t pf, unsigned int hooknum,
248} 243}
249 244
250static unsigned int 245static unsigned int
251ebt_ulog_tg(struct sk_buff *skb, const struct xt_target_param *par) 246ebt_ulog_tg(struct sk_buff *skb, const struct xt_action_param *par)
252{ 247{
253 ebt_ulog_packet(par->hooknum, skb, par->in, par->out, 248 ebt_ulog_packet(par->hooknum, skb, par->in, par->out,
254 par->targinfo, NULL); 249 par->targinfo, NULL);
255 return EBT_CONTINUE; 250 return EBT_CONTINUE;
256} 251}
257 252
258static bool ebt_ulog_tg_check(const struct xt_tgchk_param *par) 253static int ebt_ulog_tg_check(const struct xt_tgchk_param *par)
259{ 254{
260 struct ebt_ulog_info *uloginfo = par->targinfo; 255 struct ebt_ulog_info *uloginfo = par->targinfo;
261 256
262 if (uloginfo->nlgroup > 31) 257 if (uloginfo->nlgroup > 31)
263 return false; 258 return -EINVAL;
264 259
265 uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0'; 260 uloginfo->prefix[EBT_ULOG_PREFIX_LEN - 1] = '\0';
266 261
267 if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN) 262 if (uloginfo->qthreshold > EBT_ULOG_MAX_QLEN)
268 uloginfo->qthreshold = EBT_ULOG_MAX_QLEN; 263 uloginfo->qthreshold = EBT_ULOG_MAX_QLEN;
269 264
270 return true; 265 return 0;
271} 266}
272 267
273static struct xt_target ebt_ulog_tg_reg __read_mostly = { 268static struct xt_target ebt_ulog_tg_reg __read_mostly = {
@@ -292,8 +287,8 @@ static int __init ebt_ulog_init(void)
292 int i; 287 int i;
293 288
294 if (nlbufsiz >= 128*1024) { 289 if (nlbufsiz >= 128*1024) {
295 printk(KERN_NOTICE "ebt_ulog: Netlink buffer has to be <= 128kB," 290 pr_warning("Netlink buffer has to be <= 128kB,"
296 " please try a smaller nlbufsiz parameter.\n"); 291 " please try a smaller nlbufsiz parameter.\n");
297 return -EINVAL; 292 return -EINVAL;
298 } 293 }
299 294
@@ -306,13 +301,10 @@ static int __init ebt_ulog_init(void)
306 ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG, 301 ebtulognl = netlink_kernel_create(&init_net, NETLINK_NFLOG,
307 EBT_ULOG_MAXNLGROUPS, NULL, NULL, 302 EBT_ULOG_MAXNLGROUPS, NULL, NULL,
308 THIS_MODULE); 303 THIS_MODULE);
309 if (!ebtulognl) { 304 if (!ebtulognl)
310 printk(KERN_WARNING KBUILD_MODNAME ": out of memory trying to "
311 "call netlink_kernel_create\n");
312 ret = -ENOMEM; 305 ret = -ENOMEM;
313 } else if ((ret = xt_register_target(&ebt_ulog_tg_reg)) != 0) { 306 else if ((ret = xt_register_target(&ebt_ulog_tg_reg)) != 0)
314 netlink_kernel_release(ebtulognl); 307 netlink_kernel_release(ebtulognl);
315 }
316 308
317 if (ret == 0) 309 if (ret == 0)
318 nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger); 310 nf_log_register(NFPROTO_BRIDGE, &ebt_ulog_logger);
diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
index be1dd2e1f61..87b53b3a921 100644
--- a/net/bridge/netfilter/ebt_vlan.c
+++ b/net/bridge/netfilter/ebt_vlan.c
@@ -26,22 +26,17 @@
26#include <linux/netfilter_bridge/ebtables.h> 26#include <linux/netfilter_bridge/ebtables.h>
27#include <linux/netfilter_bridge/ebt_vlan.h> 27#include <linux/netfilter_bridge/ebt_vlan.h>
28 28
29static int debug;
30#define MODULE_VERS "0.6" 29#define MODULE_VERS "0.6"
31 30
32module_param(debug, int, 0);
33MODULE_PARM_DESC(debug, "debug=1 is turn on debug messages");
34MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>"); 31MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>");
35MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match"); 32MODULE_DESCRIPTION("Ebtables: 802.1Q VLAN tag match");
36MODULE_LICENSE("GPL"); 33MODULE_LICENSE("GPL");
37 34
38
39#define DEBUG_MSG(args...) if (debug) printk (KERN_DEBUG "ebt_vlan: " args)
40#define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ 35#define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_
41#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; } 36#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) {if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return false; }
42 37
43static bool 38static bool
44ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par) 39ebt_vlan_mt(const struct sk_buff *skb, struct xt_action_param *par)
45{ 40{
46 const struct ebt_vlan_info *info = par->matchinfo; 41 const struct ebt_vlan_info *info = par->matchinfo;
47 const struct vlan_hdr *fp; 42 const struct vlan_hdr *fp;
@@ -84,32 +79,31 @@ ebt_vlan_mt(const struct sk_buff *skb, const struct xt_match_param *par)
84 return true; 79 return true;
85} 80}
86 81
87static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par) 82static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
88{ 83{
89 struct ebt_vlan_info *info = par->matchinfo; 84 struct ebt_vlan_info *info = par->matchinfo;
90 const struct ebt_entry *e = par->entryinfo; 85 const struct ebt_entry *e = par->entryinfo;
91 86
92 /* Is it 802.1Q frame checked? */ 87 /* Is it 802.1Q frame checked? */
93 if (e->ethproto != htons(ETH_P_8021Q)) { 88 if (e->ethproto != htons(ETH_P_8021Q)) {
94 DEBUG_MSG 89 pr_debug("passed entry proto %2.4X is not 802.1Q (8100)\n",
95 ("passed entry proto %2.4X is not 802.1Q (8100)\n", 90 ntohs(e->ethproto));
96 (unsigned short) ntohs(e->ethproto)); 91 return -EINVAL;
97 return false;
98 } 92 }
99 93
100 /* Check for bitmask range 94 /* Check for bitmask range
101 * True if even one bit is out of mask */ 95 * True if even one bit is out of mask */
102 if (info->bitmask & ~EBT_VLAN_MASK) { 96 if (info->bitmask & ~EBT_VLAN_MASK) {
103 DEBUG_MSG("bitmask %2X is out of mask (%2X)\n", 97 pr_debug("bitmask %2X is out of mask (%2X)\n",
104 info->bitmask, EBT_VLAN_MASK); 98 info->bitmask, EBT_VLAN_MASK);
105 return false; 99 return -EINVAL;
106 } 100 }
107 101
108 /* Check for inversion flags range */ 102 /* Check for inversion flags range */
109 if (info->invflags & ~EBT_VLAN_MASK) { 103 if (info->invflags & ~EBT_VLAN_MASK) {
110 DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n", 104 pr_debug("inversion flags %2X is out of mask (%2X)\n",
111 info->invflags, EBT_VLAN_MASK); 105 info->invflags, EBT_VLAN_MASK);
112 return false; 106 return -EINVAL;
113 } 107 }
114 108
115 /* Reserved VLAN ID (VID) values 109 /* Reserved VLAN ID (VID) values
@@ -121,10 +115,9 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
121 if (GET_BITMASK(EBT_VLAN_ID)) { 115 if (GET_BITMASK(EBT_VLAN_ID)) {
122 if (!!info->id) { /* if id!=0 => check vid range */ 116 if (!!info->id) { /* if id!=0 => check vid range */
123 if (info->id > VLAN_GROUP_ARRAY_LEN) { 117 if (info->id > VLAN_GROUP_ARRAY_LEN) {
124 DEBUG_MSG 118 pr_debug("id %d is out of range (1-4096)\n",
125 ("id %d is out of range (1-4096)\n", 119 info->id);
126 info->id); 120 return -EINVAL;
127 return false;
128 } 121 }
129 /* Note: This is valid VLAN-tagged frame point. 122 /* Note: This is valid VLAN-tagged frame point.
130 * Any value of user_priority are acceptable, 123 * Any value of user_priority are acceptable,
@@ -137,9 +130,9 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
137 130
138 if (GET_BITMASK(EBT_VLAN_PRIO)) { 131 if (GET_BITMASK(EBT_VLAN_PRIO)) {
139 if ((unsigned char) info->prio > 7) { 132 if ((unsigned char) info->prio > 7) {
140 DEBUG_MSG("prio %d is out of range (0-7)\n", 133 pr_debug("prio %d is out of range (0-7)\n",
141 info->prio); 134 info->prio);
142 return false; 135 return -EINVAL;
143 } 136 }
144 } 137 }
145 /* Check for encapsulated proto range - it is possible to be 138 /* Check for encapsulated proto range - it is possible to be
@@ -147,14 +140,13 @@ static bool ebt_vlan_mt_check(const struct xt_mtchk_param *par)
147 * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */ 140 * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS */
148 if (GET_BITMASK(EBT_VLAN_ENCAP)) { 141 if (GET_BITMASK(EBT_VLAN_ENCAP)) {
149 if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) { 142 if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) {
150 DEBUG_MSG 143 pr_debug("encap frame length %d is less than "
151 ("encap frame length %d is less than minimal\n", 144 "minimal\n", ntohs(info->encap));
152 ntohs(info->encap)); 145 return -EINVAL;
153 return false;
154 } 146 }
155 } 147 }
156 148
157 return true; 149 return 0;
158} 150}
159 151
160static struct xt_match ebt_vlan_mt_reg __read_mostly = { 152static struct xt_match ebt_vlan_mt_reg __read_mostly = {
@@ -169,9 +161,7 @@ static struct xt_match ebt_vlan_mt_reg __read_mostly = {
169 161
170static int __init ebt_vlan_init(void) 162static int __init ebt_vlan_init(void)
171{ 163{
172 DEBUG_MSG("ebtables 802.1Q extension module v" 164 pr_debug("ebtables 802.1Q extension module v" MODULE_VERS "\n");
173 MODULE_VERS "\n");
174 DEBUG_MSG("module debug=%d\n", !!debug);
175 return xt_register_match(&ebt_vlan_mt_reg); 165 return xt_register_match(&ebt_vlan_mt_reg);
176} 166}
177 167
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index f0865fd1e3e..59ca00e40de 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -14,8 +14,7 @@
14 * as published by the Free Software Foundation; either version 14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version. 15 * 2 of the License, or (at your option) any later version.
16 */ 16 */
17 17#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
18
19#include <linux/kmod.h> 18#include <linux/kmod.h>
20#include <linux/module.h> 19#include <linux/module.h>
21#include <linux/vmalloc.h> 20#include <linux/vmalloc.h>
@@ -87,7 +86,7 @@ static struct xt_target ebt_standard_target = {
87 86
88static inline int 87static inline int
89ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb, 88ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
90 struct xt_target_param *par) 89 struct xt_action_param *par)
91{ 90{
92 par->target = w->u.watcher; 91 par->target = w->u.watcher;
93 par->targinfo = w->data; 92 par->targinfo = w->data;
@@ -96,8 +95,9 @@ ebt_do_watcher(const struct ebt_entry_watcher *w, struct sk_buff *skb,
96 return 0; 95 return 0;
97} 96}
98 97
99static inline int ebt_do_match (struct ebt_entry_match *m, 98static inline int
100 const struct sk_buff *skb, struct xt_match_param *par) 99ebt_do_match(struct ebt_entry_match *m, const struct sk_buff *skb,
100 struct xt_action_param *par)
101{ 101{
102 par->match = m->u.match; 102 par->match = m->u.match;
103 par->matchinfo = m->data; 103 par->matchinfo = m->data;
@@ -186,15 +186,13 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
186 struct ebt_entries *chaininfo; 186 struct ebt_entries *chaininfo;
187 const char *base; 187 const char *base;
188 const struct ebt_table_info *private; 188 const struct ebt_table_info *private;
189 bool hotdrop = false; 189 struct xt_action_param acpar;
190 struct xt_match_param mtpar;
191 struct xt_target_param tgpar;
192 190
193 mtpar.family = tgpar.family = NFPROTO_BRIDGE; 191 acpar.family = NFPROTO_BRIDGE;
194 mtpar.in = tgpar.in = in; 192 acpar.in = in;
195 mtpar.out = tgpar.out = out; 193 acpar.out = out;
196 mtpar.hotdrop = &hotdrop; 194 acpar.hotdrop = false;
197 mtpar.hooknum = tgpar.hooknum = hook; 195 acpar.hooknum = hook;
198 196
199 read_lock_bh(&table->lock); 197 read_lock_bh(&table->lock);
200 private = table->private; 198 private = table->private;
@@ -215,9 +213,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
215 if (ebt_basic_match(point, eth_hdr(skb), in, out)) 213 if (ebt_basic_match(point, eth_hdr(skb), in, out))
216 goto letscontinue; 214 goto letscontinue;
217 215
218 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &mtpar) != 0) 216 if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, &acpar) != 0)
219 goto letscontinue; 217 goto letscontinue;
220 if (hotdrop) { 218 if (acpar.hotdrop) {
221 read_unlock_bh(&table->lock); 219 read_unlock_bh(&table->lock);
222 return NF_DROP; 220 return NF_DROP;
223 } 221 }
@@ -228,7 +226,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
228 226
229 /* these should only watch: not modify, nor tell us 227 /* these should only watch: not modify, nor tell us
230 what to do with the packet */ 228 what to do with the packet */
231 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &tgpar); 229 EBT_WATCHER_ITERATE(point, ebt_do_watcher, skb, &acpar);
232 230
233 t = (struct ebt_entry_target *) 231 t = (struct ebt_entry_target *)
234 (((char *)point) + point->target_offset); 232 (((char *)point) + point->target_offset);
@@ -236,9 +234,9 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,
236 if (!t->u.target->target) 234 if (!t->u.target->target)
237 verdict = ((struct ebt_standard_target *)t)->verdict; 235 verdict = ((struct ebt_standard_target *)t)->verdict;
238 else { 236 else {
239 tgpar.target = t->u.target; 237 acpar.target = t->u.target;
240 tgpar.targinfo = t->data; 238 acpar.targinfo = t->data;
241 verdict = t->u.target->target(skb, &tgpar); 239 verdict = t->u.target->target(skb, &acpar);
242 } 240 }
243 if (verdict == EBT_ACCEPT) { 241 if (verdict == EBT_ACCEPT) {
244 read_unlock_bh(&table->lock); 242 read_unlock_bh(&table->lock);
@@ -363,12 +361,9 @@ ebt_check_match(struct ebt_entry_match *m, struct xt_mtchk_param *par,
363 left - sizeof(struct ebt_entry_match) < m->match_size) 361 left - sizeof(struct ebt_entry_match) < m->match_size)
364 return -EINVAL; 362 return -EINVAL;
365 363
366 match = try_then_request_module(xt_find_match(NFPROTO_BRIDGE, 364 match = xt_request_find_match(NFPROTO_BRIDGE, m->u.name, 0);
367 m->u.name, 0), "ebt_%s", m->u.name);
368 if (IS_ERR(match)) 365 if (IS_ERR(match))
369 return PTR_ERR(match); 366 return PTR_ERR(match);
370 if (match == NULL)
371 return -ENOENT;
372 m->u.match = match; 367 m->u.match = match;
373 368
374 par->match = match; 369 par->match = match;
@@ -397,13 +392,9 @@ ebt_check_watcher(struct ebt_entry_watcher *w, struct xt_tgchk_param *par,
397 left - sizeof(struct ebt_entry_watcher) < w->watcher_size) 392 left - sizeof(struct ebt_entry_watcher) < w->watcher_size)
398 return -EINVAL; 393 return -EINVAL;
399 394
400 watcher = try_then_request_module( 395 watcher = xt_request_find_target(NFPROTO_BRIDGE, w->u.name, 0);
401 xt_find_target(NFPROTO_BRIDGE, w->u.name, 0),
402 "ebt_%s", w->u.name);
403 if (IS_ERR(watcher)) 396 if (IS_ERR(watcher))
404 return PTR_ERR(watcher); 397 return PTR_ERR(watcher);
405 if (watcher == NULL)
406 return -ENOENT;
407 w->u.watcher = watcher; 398 w->u.watcher = watcher;
408 399
409 par->target = watcher; 400 par->target = watcher;
@@ -716,15 +707,10 @@ ebt_check_entry(struct ebt_entry *e, struct net *net,
716 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 707 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
717 gap = e->next_offset - e->target_offset; 708 gap = e->next_offset - e->target_offset;
718 709
719 target = try_then_request_module( 710 target = xt_request_find_target(NFPROTO_BRIDGE, t->u.name, 0);
720 xt_find_target(NFPROTO_BRIDGE, t->u.name, 0),
721 "ebt_%s", t->u.name);
722 if (IS_ERR(target)) { 711 if (IS_ERR(target)) {
723 ret = PTR_ERR(target); 712 ret = PTR_ERR(target);
724 goto cleanup_watchers; 713 goto cleanup_watchers;
725 } else if (target == NULL) {
726 ret = -ENOENT;
727 goto cleanup_watchers;
728 } 714 }
729 715
730 t->u.target = target; 716 t->u.target = target;
@@ -2128,7 +2114,7 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base,
2128 return ret; 2114 return ret;
2129 new_offset += ret; 2115 new_offset += ret;
2130 if (offsets_update && new_offset) { 2116 if (offsets_update && new_offset) {
2131 pr_debug("ebtables: change offset %d to %d\n", 2117 pr_debug("change offset %d to %d\n",
2132 offsets_update[i], offsets[j] + new_offset); 2118 offsets_update[i], offsets[j] + new_offset);
2133 offsets_update[i] = offsets[j] + new_offset; 2119 offsets_update[i] = offsets[j] + new_offset;
2134 } 2120 }