netfilter: bridge-netfilter: simplify IP DNAT

Remove br_netfilter.c::br_nf_local_out(). The function
br_nf_local_out() was needed because the PF_BRIDGE::LOCAL_OUT hook
could be called when IP DNAT happens on to-be-bridged traffic. The
new scheme eliminates this mess.

Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>

1 files changed, 14 insertions, 3 deletions

diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index f8105e54716a..ffab6c423a57 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -41,9 +41,8 @@ enum nf_br_hook_priorities {
 
 #define BRNF_PKT_TYPE                   0x01
 #define BRNF_BRIDGED_DNAT               0x02
-#define BRNF_DONT_TAKE_PARENT           0x04
-#define BRNF_BRIDGED                    0x08
-#define BRNF_NF_BRIDGE_PREROUTING       0x10
+#define BRNF_BRIDGED                    0x04
+#define BRNF_NF_BRIDGE_PREROUTING       0x08
 
 
 /* Only used in br_forward.c */
@@ -68,6 +67,18 @@ static inline unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb)
         }
 }
 
+extern int br_handle_frame_finish(struct sk_buff *skb);
+/* Only used in br_device.c */
+static inline int br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb)
+{
+        struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+
+        skb_pull(skb, ETH_HLEN);
+        nf_bridge->mask ^= BRNF_BRIDGED_DNAT;
+        skb->dev = nf_bridge->physindev;
+        return br_handle_frame_finish(skb);
+}
+
 /* This is called by the IP fragmenting code and it ensures there is
  * enough room for the encapsulating header (if there is one). */
 static inline unsigned int nf_bridge_pad(const struct sk_buff *skb)