netfilter: bridge: start splitting mask into public/private chunks

->mask is a bit info field that mixes various use cases. In particular, we have flags that are mutually exlusive, and flags that are only used within br_netfilter while others need to be exposed to other parts of the kernel. Remove BRNF_8021Q/PPPoE flags. They're mutually exclusive and only needed within br_netfilter context. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2015-04-02 08:31:44 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-04-08 10:49:11 -0400
commit: 3eaf402502e49ad9c58c73e8599c7c4f345d62da (patch)
tree: df5d4e77678c1793f11fdf828c0a98645314674c
parent: 383307838d41935841ba6b2e939b968326e2dea1 (diff)
3 files changed, 17 insertions, 7 deletions
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index e1d96bc2767c..d47a32dffa15 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -20,12 +20,10 @@ enum nf_br_hook_priorities {
 #define BRNF_PKT_TYPE                   0x01
 #define BRNF_BRIDGED_DNAT               0x02
 #define BRNF_NF_BRIDGE_PREROUTING       0x08
-#define BRNF_8021Q                      0x10
-#define BRNF_PPPoE                      0x20
 static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)
 {
-        if (unlikely(skb->nf_bridge->mask & BRNF_PPPoE))
+        if (skb->nf_bridge->orig_proto == BRNF_PROTO_PPPOE)
                return PPPOE_SES_HLEN;
        return 0;
 }
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index f66a089afc41..6f75fb5c6ed7 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -166,6 +166,11 @@ struct nf_conntrack {
 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
 struct nf_bridge_info {
        atomic_t                use;
+        enum {
+                BRNF_PROTO_UNCHANGED,
+                BRNF_PROTO_8021Q,
+                BRNF_PROTO_PPPOE
+        } orig_proto;
        unsigned int            mask;
        struct net_device       *physindev;
        struct net_device       *physoutdev;
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 301f12b0a7cd..ab1e988ca4b8 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -262,10 +262,16 @@ drop:
 static void nf_bridge_update_protocol(struct sk_buff *skb)
 {
-        if (skb->nf_bridge->mask & BRNF_8021Q)
+        switch (skb->nf_bridge->orig_proto) {
+        case BRNF_PROTO_8021Q:
                skb->protocol = htons(ETH_P_8021Q);
-        else if (skb->nf_bridge->mask & BRNF_PPPoE)
+                break;
+        case BRNF_PROTO_PPPOE:
                skb->protocol = htons(ETH_P_PPP_SES);
+                break;
+        case BRNF_PROTO_UNCHANGED:
+                break;
+        }
 }
 /* PF_BRIDGE/PRE_ROUTING *********************************************/
@@ -503,10 +509,11 @@ static struct net_device *setup_pre_routing(struct sk_buff *skb)
        nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING;
        nf_bridge->physindev = skb->dev;
        skb->dev = brnf_get_logical_dev(skb, skb->dev);
        if (skb->protocol == htons(ETH_P_8021Q))
-                nf_bridge->mask |= BRNF_8021Q;
+                nf_bridge->orig_proto = BRNF_PROTO_8021Q;
        else if (skb->protocol == htons(ETH_P_PPP_SES))
-                nf_bridge->mask |= BRNF_PPPoE;
+                nf_bridge->orig_proto = BRNF_PROTO_PPPOE;
        /* Must drop socket now because of tproxy. */
        skb_orphan(skb);
author	Florian Westphal <fw@strlen.de>	2015-04-02 08:31:44 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-04-08 10:49:11 -0400
commit	3eaf402502e49ad9c58c73e8599c7c4f345d62da (patch)
tree	df5d4e77678c1793f11fdf828c0a98645314674c
parent	383307838d41935841ba6b2e939b968326e2dea1 (diff)