[NETFILTER]: add correct bridging support to nfnetlink_{queue,log}

This patch adds support for passing the real 'physical' device ifindex down to userspace via nfnetlink_log and nfnetlink_queue. This feature basically obsoletes net/bridge/netfilter/ebt_ulog.c, and it is likely ebt_ulog.c will die with one of the next couple of patches. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-08-09 23:22:10 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2005-08-29 18:51:15 -0400
commit: fbcd923c3e0c8ec9e4ed64f5a4e5766807b32729 (patch)
tree: 68aa12364efe574d3c8fa667ad088c8746843a5d /net/netfilter/nfnetlink_queue.c
parent: f6ebe77f955d77a988ce726f0818ec0103b11323 (diff)
1 files changed, 58 insertions, 0 deletions
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 04323ee1eb8..bf9223084b4 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -30,6 +30,10 @@
 #include <asm/atomic.h>
+#ifdef CONFIG_BRIDGE_NETFILTER
+#include "../bridge/br_private.h"
+#endif
 #define NFQNL_QMAX_DEFAULT 1024
 #if 0
@@ -361,6 +365,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
        size =    NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr))
                + NLMSG_SPACE(sizeof(u_int32_t))        /* ifindex */
                + NLMSG_SPACE(sizeof(u_int32_t))        /* ifindex */
+#ifdef CONFIG_BRIDGE_NETFILTER
+                + NLMSG_SPACE(sizeof(u_int32_t))        /* ifindex */
+                + NLMSG_SPACE(sizeof(u_int32_t))        /* ifindex */
+#endif
                + NLMSG_SPACE(sizeof(u_int32_t))        /* mark */
                + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw))
                + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));
@@ -412,12 +420,62 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
        if (entry->info->indev) {
                tmp_uint = htonl(entry->info->indev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
                NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);
+#else
+                if (entry->info->pf == PF_BRIDGE) {
+                        /* Case 1: indev is physical input device, we need to
+                         * look for bridge group (when called from 
+                         * netfilter_bridge) */
+                        NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint), 
+                                &tmp_uint);
+                        /* this is the bridge group "brX" */
+                        tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex);
+                        NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
+                                &tmp_uint);
+                } else {
+                        /* Case 2: indev is bridge group, we need to look for
+                         * physical device (when called from ipv4) */
+                        NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
+                                &tmp_uint);
+                        if (entry->skb->nf_bridge
+                            && entry->skb->nf_bridge->physindev) {
+                                tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex);
+                                NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV,
+                                        sizeof(tmp_uint), &tmp_uint);
+                        }
+                }
+#endif
        }
        if (entry->info->outdev) {
                tmp_uint = htonl(entry->info->outdev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
                NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);
+#else
+                if (entry->info->pf == PF_BRIDGE) {
+                        /* Case 1: outdev is physical output device, we need to
+                         * look for bridge group (when called from 
+                         * netfilter_bridge) */
+                        NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint),
+                                &tmp_uint);
+                        /* this is the bridge group "brX" */
+                        tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex);
+                        NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
+                                &tmp_uint);
+                } else {
+                        /* Case 2: outdev is bridge group, we need to look for
+                         * physical output device (when called from ipv4) */
+                        NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
+                                &tmp_uint);
+                        if (entry->skb->nf_bridge
+                            && entry->skb->nf_bridge->physoutdev) {
+                                tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex);
+                                NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV,
+                                        sizeof(tmp_uint), &tmp_uint);
+                        }
+                }
+#endif
        }
        if (entry->skb->nfmark) {
author	Harald Welte <laforge@netfilter.org>	2005-08-09 23:22:10 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2005-08-29 18:51:15 -0400
commit	fbcd923c3e0c8ec9e4ed64f5a4e5766807b32729 (patch)
tree	68aa12364efe574d3c8fa667ad088c8746843a5d /net/netfilter/nfnetlink_queue.c
parent	f6ebe77f955d77a988ce726f0818ec0103b11323 (diff)

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 04323ee1eb8..bf9223084b4 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c
@@ -30,6 +30,10 @@
30		30
31	#include <asm/atomic.h>	31	#include <asm/atomic.h>
32		32
		33	#ifdef CONFIG_BRIDGE_NETFILTER
		34	#include "../bridge/br_private.h"
		35	#endif
		36
33	#define NFQNL_QMAX_DEFAULT 1024	37	#define NFQNL_QMAX_DEFAULT 1024
34		38
35	#if 0	39	#if 0
@@ -361,6 +365,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
361	size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr))	365	size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr))
362	+ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */	366	+ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
363	+ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */	367	+ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
		368	#ifdef CONFIG_BRIDGE_NETFILTER
		369	+ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
		370	+ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
		371	#endif
364	+ NLMSG_SPACE(sizeof(u_int32_t)) /* mark */	372	+ NLMSG_SPACE(sizeof(u_int32_t)) /* mark */
365	+ NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw))	373	+ NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw))
366	+ NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));	374	+ NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));
@@ -412,12 +420,62 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
412		420
413	if (entry->info->indev) {	421	if (entry->info->indev) {
414	tmp_uint = htonl(entry->info->indev->ifindex);	422	tmp_uint = htonl(entry->info->indev->ifindex);
		423	#ifndef CONFIG_BRIDGE_NETFILTER
415	NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);	424	NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);
		425	#else
		426	if (entry->info->pf == PF_BRIDGE) {
		427	/* Case 1: indev is physical input device, we need to
		428	* look for bridge group (when called from
		429	* netfilter_bridge) */
		430	NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint),
		431	&tmp_uint);
		432	/* this is the bridge group "brX" */
		433	tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex);
		434	NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
		435	&tmp_uint);
		436	} else {
		437	/* Case 2: indev is bridge group, we need to look for
		438	* physical device (when called from ipv4) */
		439	NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
		440	&tmp_uint);
		441	if (entry->skb->nf_bridge
		442	&& entry->skb->nf_bridge->physindev) {
		443	tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex);
		444	NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV,
		445	sizeof(tmp_uint), &tmp_uint);
		446	}
		447	}
		448	#endif
416	}	449	}
417		450
418	if (entry->info->outdev) {	451	if (entry->info->outdev) {
419	tmp_uint = htonl(entry->info->outdev->ifindex);	452	tmp_uint = htonl(entry->info->outdev->ifindex);
		453	#ifndef CONFIG_BRIDGE_NETFILTER
420	NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);	454	NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);
		455	#else
		456	if (entry->info->pf == PF_BRIDGE) {
		457	/* Case 1: outdev is physical output device, we need to
		458	* look for bridge group (when called from
		459	* netfilter_bridge) */
		460	NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint),
		461	&tmp_uint);
		462	/* this is the bridge group "brX" */
		463	tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex);
		464	NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
		465	&tmp_uint);
		466	} else {
		467	/* Case 2: outdev is bridge group, we need to look for
		468	* physical output device (when called from ipv4) */
		469	NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
		470	&tmp_uint);
		471	if (entry->skb->nf_bridge
		472	&& entry->skb->nf_bridge->physoutdev) {
		473	tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex);
		474	NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV,
		475	sizeof(tmp_uint), &tmp_uint);
		476	}
		477	}
		478	#endif
421	}	479	}
422		480
423	if (entry->skb->nfmark) {	481	if (entry->skb->nfmark) {