diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:16 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:16 -0400 |
commit | 5365f8022e04310f0276c95e82548da917d514db (patch) | |
tree | 6a6bb253d83ffe235da2afbe4676d8aa38d57fd1 | |
parent | f2ff525c8dae57b3cda51d76443f60f764f34202 (diff) |
netfilter: implement hotdrop for Ebtables
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r-- | net/bridge/netfilter/ebtables.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index c4f7a2e8ed39..7964d3f03886 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
@@ -78,9 +78,10 @@ static inline int ebt_do_watcher (struct ebt_entry_watcher *w, | |||
78 | 78 | ||
79 | static inline int ebt_do_match (struct ebt_entry_match *m, | 79 | static inline int ebt_do_match (struct ebt_entry_match *m, |
80 | const struct sk_buff *skb, const struct net_device *in, | 80 | const struct sk_buff *skb, const struct net_device *in, |
81 | const struct net_device *out) | 81 | const struct net_device *out, bool *hotdrop) |
82 | { | 82 | { |
83 | return m->u.match->match(skb, in, out, m->u.match, m->data, 0, 0, NULL); | 83 | return m->u.match->match(skb, in, out, m->u.match, |
84 | m->data, 0, 0, hotdrop); | ||
84 | } | 85 | } |
85 | 86 | ||
86 | static inline int ebt_dev_check(char *entry, const struct net_device *device) | 87 | static inline int ebt_dev_check(char *entry, const struct net_device *device) |
@@ -156,6 +157,7 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
156 | struct ebt_entries *chaininfo; | 157 | struct ebt_entries *chaininfo; |
157 | char *base; | 158 | char *base; |
158 | struct ebt_table_info *private; | 159 | struct ebt_table_info *private; |
160 | bool hotdrop = false; | ||
159 | 161 | ||
160 | read_lock_bh(&table->lock); | 162 | read_lock_bh(&table->lock); |
161 | private = table->private; | 163 | private = table->private; |
@@ -176,8 +178,13 @@ unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb, | |||
176 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) | 178 | if (ebt_basic_match(point, eth_hdr(skb), in, out)) |
177 | goto letscontinue; | 179 | goto letscontinue; |
178 | 180 | ||
179 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, in, out) != 0) | 181 | if (EBT_MATCH_ITERATE(point, ebt_do_match, skb, |
182 | in, out, &hotdrop) != 0) | ||
180 | goto letscontinue; | 183 | goto letscontinue; |
184 | if (hotdrop) { | ||
185 | read_unlock_bh(&table->lock); | ||
186 | return NF_DROP; | ||
187 | } | ||
181 | 188 | ||
182 | /* increase counter */ | 189 | /* increase counter */ |
183 | (*(counter_base + i)).pcnt++; | 190 | (*(counter_base + i)).pcnt++; |