author | Harald Welte <laforge@netfilter.org> | 2005-08-09 23:22:10 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 18:51:15 -0400 |
commit | fbcd923c3e0c8ec9e4ed64f5a4e5766807b32729 (patch) | |
tree | 68aa12364efe574d3c8fa667ad088c8746843a5d /net/netfilter/nfnetlink_queue.c | |
parent | f6ebe77f955d77a988ce726f0818ec0103b11323 (diff) |
[NETFILTER]: add correct bridging support to nfnetlink_{queue,log}
This patch adds support for passing the real 'physical' device ifindex
down to userspace via nfnetlink_log and nfnetlink_queue.
This feature basically obsoletes net/bridge/netfilter/ebt_ulog.c, and
it is likely ebt_ulog.c will die with one of the next couple of
patches.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter/nfnetlink_queue.c')
-rw-r--r-- | net/netfilter/nfnetlink_queue.c | 58 |
1 files changed, 58 insertions, 0 deletions
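--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -30,6 +30,10 @@
 
 #include <asm/atomic.h>
 
+#ifdef CONFIG_BRIDGE_NETFILTER
+#include "../bridge/br_private.h"
+#endif
+
 #define NFQNL_QMAX_DEFAULT 1024
 
 #if 0
@@ -361,6 +365,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
 size = NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hdr))
 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
 + NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
+#ifdef CONFIG_BRIDGE_NETFILTER
++ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
++ NLMSG_SPACE(sizeof(u_int32_t)) /* ifindex */
+#endif
 + NLMSG_SPACE(sizeof(u_int32_t)) /* mark */
 + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_hw))
 + NLMSG_SPACE(sizeof(struct nfqnl_msg_packet_timestamp));
@@ -412,12 +420,62 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
 
 if (entry->info->indev) {
 tmp_uint = htonl(entry->info->indev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
 NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint), &tmp_uint);
+#else
+if (entry->info->pf == PF_BRIDGE) {
+/* Case 1: indev is physical input device, we need to
+* look for bridge group (when called from
+* netfilter_bridge) */
+NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV, sizeof(tmp_uint),
+&tmp_uint);
+/* this is the bridge group "brX" */
+tmp_uint = htonl(entry->info->indev->br_port->br->dev->ifindex);
+NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
+&tmp_uint);
+} else {
+/* Case 2: indev is bridge group, we need to look for
+* physical device (when called from ipv4) */
+NFA_PUT(skb, NFQA_IFINDEX_INDEV, sizeof(tmp_uint),
+&tmp_uint);
+if (entry->skb->nf_bridge
+&& entry->skb->nf_bridge->physindev) {
+tmp_uint = htonl(entry->skb->nf_bridge->physindev->ifindex);
+NFA_PUT(skb, NFQA_IFINDEX_PHYSINDEV,
+sizeof(tmp_uint), &tmp_uint);
+}
+}
+#endif
 }
 
 if (entry->info->outdev) {
 tmp_uint = htonl(entry->info->outdev->ifindex);
+#ifndef CONFIG_BRIDGE_NETFILTER
 NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint), &tmp_uint);
+#else
+if (entry->info->pf == PF_BRIDGE) {
+/* Case 1: outdev is physical output device, we need to
+* look for bridge group (when called from
+* netfilter_bridge) */
+NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV, sizeof(tmp_uint),
+&tmp_uint);
+/* this is the bridge group "brX" */
+tmp_uint = htonl(entry->info->outdev->br_port->br->dev->ifindex);
+NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
+&tmp_uint);
+} else {
+/* Case 2: outdev is bridge group, we need to look for
+* physical output device (when called from ipv4) */
+NFA_PUT(skb, NFQA_IFINDEX_OUTDEV, sizeof(tmp_uint),
+&tmp_uint);
+if (entry->skb->nf_bridge
+&& entry->skb->nf_bridge->physoutdev) {
+tmp_uint = htonl(entry->skb->nf_bridge->physoutdev->ifindex);
+NFA_PUT(skb, NFQA_IFINDEX_PHYSOUTDEV,
+sizeof(tmp_uint), &tmp_uint);
+}
+}
+#endif
 }
 
 if (entry->skb->nfmark) {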
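Review bot: In the PF_BRIDGE branches (new lines 433 and 463) the chain `entry->info->indev->br_port->br->dev->ifindex`, and its outdev twin, is dereferenced with no check that `br_port` is non-NULL, whereas the non-bridge branch right below guards both `nf_bridge` and `physindev`/`physoutdev` before use. If a device can reach this path with pf == PF_BRIDGE while not (or no longer) enslaved to a bridge, this is a NULL dereference in the packet path; whether the bridge hooks rule that out is not visible in this hunk. Either guard the lookup, e.g. `if (entry->info->indev->br_port)` around the second NFA_PUT, or add a comment stating the invariant, such as `/* bridge hooks only pass enslaved ports, so br_port is non-NULL here */`. The four new size terms at lines 368-371 are all commented `/* ifindex */`; naming them (`/* physindev */`, `/* physoutdev */`) would make the estimate easier to audit against the NFA_PUT calls. nfqnl_build_packet_message starts and ends outside the visible hunks.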