aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Hemminger <shemminger@osdl.org>2006-03-21 01:58:05 -0500
committerDavid S. Miller <davem@davemloft.net>2006-03-21 01:58:05 -0500
commit8b42ec39264a1e7a508f5d80169a5fb137bcc833 (patch)
tree34962088422c343b4d2494c1dfadf657fc198b42
parentf8a26028611fb93ac935ac32a72793f7fcb56a88 (diff)
[BRIDGE]: netfilter VLAN macro cleanup
Fix the VLAN macros in bridge netfilter code. Macros should not depend on magic variables. Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/bridge/br_netfilter.c50
1 files changed, 27 insertions, 23 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index ea34aa505af2..6fc9ecc4eb39 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -61,15 +61,25 @@ static int brnf_filter_vlan_tagged = 1;
61#define brnf_filter_vlan_tagged 1 61#define brnf_filter_vlan_tagged 1
62#endif 62#endif
63 63
64#define IS_VLAN_IP (skb->protocol == htons(ETH_P_8021Q) && \ 64static __be16 inline vlan_proto(const struct sk_buff *skb)
65 hdr->h_vlan_encapsulated_proto == htons(ETH_P_IP) && \ 65{
66 brnf_filter_vlan_tagged) 66 return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
67#define IS_VLAN_IPV6 (skb->protocol == htons(ETH_P_8021Q) && \ 67}
68 hdr->h_vlan_encapsulated_proto == htons(ETH_P_IPV6) && \ 68
69 brnf_filter_vlan_tagged) 69#define IS_VLAN_IP(skb) \
70#define IS_VLAN_ARP (skb->protocol == htons(ETH_P_8021Q) && \ 70 (skb->protocol == htons(ETH_P_8021Q) && \
71 hdr->h_vlan_encapsulated_proto == htons(ETH_P_ARP) && \ 71 vlan_proto(skb) == htons(ETH_P_IP) && \
72 brnf_filter_vlan_tagged) 72 brnf_filter_vlan_tagged)
73
74#define IS_VLAN_IPV6(skb) \
75 (skb->protocol == htons(ETH_P_8021Q) && \
76 vlan_proto(skb) == htons(ETH_P_IPV6) &&\
77 brnf_filter_vlan_tagged)
78
79#define IS_VLAN_ARP(skb) \
80 (skb->protocol == htons(ETH_P_8021Q) && \
81 vlan_proto(skb) == htons(ETH_P_ARP) && \
82 brnf_filter_vlan_tagged)
73 83
74/* We need these fake structures to make netfilter happy -- 84/* We need these fake structures to make netfilter happy --
75 * lots of places assume that skb->dst != NULL, which isn't 85 * lots of places assume that skb->dst != NULL, which isn't
@@ -419,9 +429,8 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
419 __u32 len; 429 __u32 len;
420 struct sk_buff *skb = *pskb; 430 struct sk_buff *skb = *pskb;
421 struct nf_bridge_info *nf_bridge; 431 struct nf_bridge_info *nf_bridge;
422 struct vlan_ethhdr *hdr = vlan_eth_hdr(*pskb);
423 432
424 if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6) { 433 if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb)) {
425#ifdef CONFIG_SYSCTL 434#ifdef CONFIG_SYSCTL
426 if (!brnf_call_ip6tables) 435 if (!brnf_call_ip6tables)
427 return NF_ACCEPT; 436 return NF_ACCEPT;
@@ -440,7 +449,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
440 return NF_ACCEPT; 449 return NF_ACCEPT;
441#endif 450#endif
442 451
443 if (skb->protocol != htons(ETH_P_IP) && !IS_VLAN_IP) 452 if (skb->protocol != htons(ETH_P_IP) && !IS_VLAN_IP(skb))
444 return NF_ACCEPT; 453 return NF_ACCEPT;
445 454
446 if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL) 455 if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
@@ -521,9 +530,8 @@ static int br_nf_forward_finish(struct sk_buff *skb)
521{ 530{
522 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 531 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
523 struct net_device *in; 532 struct net_device *in;
524 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
525 533
526 if (skb->protocol != htons(ETH_P_ARP) && !IS_VLAN_ARP) { 534 if (skb->protocol != htons(ETH_P_ARP) && !IS_VLAN_ARP(skb)) {
527 in = nf_bridge->physindev; 535 in = nf_bridge->physindev;
528 if (nf_bridge->mask & BRNF_PKT_TYPE) { 536 if (nf_bridge->mask & BRNF_PKT_TYPE) {
529 skb->pkt_type = PACKET_OTHERHOST; 537 skb->pkt_type = PACKET_OTHERHOST;
@@ -553,7 +561,6 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
553{ 561{
554 struct sk_buff *skb = *pskb; 562 struct sk_buff *skb = *pskb;
555 struct nf_bridge_info *nf_bridge; 563 struct nf_bridge_info *nf_bridge;
556 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
557 struct net_device *parent; 564 struct net_device *parent;
558 int pf; 565 int pf;
559 566
@@ -564,7 +571,7 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
564 if (!parent) 571 if (!parent)
565 return NF_DROP; 572 return NF_DROP;
566 573
567 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP) 574 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
568 pf = PF_INET; 575 pf = PF_INET;
569 else 576 else
570 pf = PF_INET6; 577 pf = PF_INET6;
@@ -596,7 +603,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
596 int (*okfn)(struct sk_buff *)) 603 int (*okfn)(struct sk_buff *))
597{ 604{
598 struct sk_buff *skb = *pskb; 605 struct sk_buff *skb = *pskb;
599 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
600 struct net_device **d = (struct net_device **)(skb->cb); 606 struct net_device **d = (struct net_device **)(skb->cb);
601 607
602#ifdef CONFIG_SYSCTL 608#ifdef CONFIG_SYSCTL
@@ -605,14 +611,14 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
605#endif 611#endif
606 612
607 if (skb->protocol != htons(ETH_P_ARP)) { 613 if (skb->protocol != htons(ETH_P_ARP)) {
608 if (!IS_VLAN_ARP) 614 if (!IS_VLAN_ARP(skb))
609 return NF_ACCEPT; 615 return NF_ACCEPT;
610 skb_pull(*pskb, VLAN_HLEN); 616 skb_pull(*pskb, VLAN_HLEN);
611 (*pskb)->nh.raw += VLAN_HLEN; 617 (*pskb)->nh.raw += VLAN_HLEN;
612 } 618 }
613 619
614 if (skb->nh.arph->ar_pln != 4) { 620 if (skb->nh.arph->ar_pln != 4) {
615 if (IS_VLAN_ARP) { 621 if (IS_VLAN_ARP(skb)) {
616 skb_push(*pskb, VLAN_HLEN); 622 skb_push(*pskb, VLAN_HLEN);
617 (*pskb)->nh.raw -= VLAN_HLEN; 623 (*pskb)->nh.raw -= VLAN_HLEN;
618 } 624 }
@@ -667,13 +673,12 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
667 struct net_device *realindev, *realoutdev; 673 struct net_device *realindev, *realoutdev;
668 struct sk_buff *skb = *pskb; 674 struct sk_buff *skb = *pskb;
669 struct nf_bridge_info *nf_bridge; 675 struct nf_bridge_info *nf_bridge;
670 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
671 int pf; 676 int pf;
672 677
673 if (!skb->nf_bridge) 678 if (!skb->nf_bridge)
674 return NF_ACCEPT; 679 return NF_ACCEPT;
675 680
676 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP) 681 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
677 pf = PF_INET; 682 pf = PF_INET;
678 else 683 else
679 pf = PF_INET6; 684 pf = PF_INET6;
@@ -752,7 +757,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
752{ 757{
753 struct sk_buff *skb = *pskb; 758 struct sk_buff *skb = *pskb;
754 struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge; 759 struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;
755 struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
756 struct net_device *realoutdev = bridge_parent(skb->dev); 760 struct net_device *realoutdev = bridge_parent(skb->dev);
757 int pf; 761 int pf;
758 762
@@ -772,7 +776,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
772 if (!realoutdev) 776 if (!realoutdev)
773 return NF_DROP; 777 return NF_DROP;
774 778
775 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP) 779 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
776 pf = PF_INET; 780 pf = PF_INET;
777 else 781 else
778 pf = PF_INET6; 782 pf = PF_INET6;