diff options
author | Michael Milner <milner@blissisland.ca> | 2007-04-13 01:14:23 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-04-26 01:28:57 -0400 |
commit | 516299d2f5b6f9703b9b388faf91898dc636a678 (patch) | |
tree | 909b7003188f0f100e0782c9620515e39cba1603 /include | |
parent | 91d73c15cb165195bc8c3d6a35e30df454b1485b (diff) |
[NETFILTER]: bridge-nf: filter bridged IPv4/IPv6 encapsulated in pppoe traffic
The attached patch by Michael Milner adds support for using iptables and
ip6tables on bridged traffic encapsulated in ppoe frames, similar to
what's already supported for vlan.
Signed-off-by: Michael Milner <milner@blissisland.ca>
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/if_pppox.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter_bridge.h | 11 | ||||
-rw-r--r-- | include/linux/sysctl.h | 1 |
3 files changed, 13 insertions, 2 deletions
diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h index 29d6579ff1a0..6f987be60fe2 100644 --- a/include/linux/if_pppox.h +++ b/include/linux/if_pppox.h | |||
@@ -111,6 +111,9 @@ struct pppoe_hdr { | |||
111 | struct pppoe_tag tag[0]; | 111 | struct pppoe_tag tag[0]; |
112 | } __attribute__ ((packed)); | 112 | } __attribute__ ((packed)); |
113 | 113 | ||
114 | /* Length of entire PPPoE + PPP header */ | ||
115 | #define PPPOE_SES_HLEN 8 | ||
116 | |||
114 | #ifdef __KERNEL__ | 117 | #ifdef __KERNEL__ |
115 | #include <linux/skbuff.h> | 118 | #include <linux/skbuff.h> |
116 | 119 | ||
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h index 55689f39f77a..19060030bac9 100644 --- a/include/linux/netfilter_bridge.h +++ b/include/linux/netfilter_bridge.h | |||
@@ -7,6 +7,7 @@ | |||
7 | #include <linux/netfilter.h> | 7 | #include <linux/netfilter.h> |
8 | #include <linux/if_ether.h> | 8 | #include <linux/if_ether.h> |
9 | #include <linux/if_vlan.h> | 9 | #include <linux/if_vlan.h> |
10 | #include <linux/if_pppox.h> | ||
10 | 11 | ||
11 | /* Bridge Hooks */ | 12 | /* Bridge Hooks */ |
12 | /* After promisc drops, checksum checks. */ | 13 | /* After promisc drops, checksum checks. */ |
@@ -58,8 +59,14 @@ static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb) | |||
58 | * enough room for the encapsulating header (if there is one). */ | 59 | * enough room for the encapsulating header (if there is one). */ |
59 | static inline int nf_bridge_pad(const struct sk_buff *skb) | 60 | static inline int nf_bridge_pad(const struct sk_buff *skb) |
60 | { | 61 | { |
61 | return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q)) | 62 | int padding = 0; |
62 | ? VLAN_HLEN : 0; | 63 | |
64 | if (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q)) | ||
65 | padding = VLAN_HLEN; | ||
66 | else if (skb->nf_bridge && skb->protocol == htons(ETH_P_PPP_SES)) | ||
67 | padding = PPPOE_SES_HLEN; | ||
68 | |||
69 | return padding; | ||
63 | } | 70 | } |
64 | 71 | ||
65 | struct bridge_skb_cb { | 72 | struct bridge_skb_cb { |
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h index df2d9ed20a4e..47f1c53332ce 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h | |||
@@ -792,6 +792,7 @@ enum { | |||
792 | NET_BRIDGE_NF_CALL_IPTABLES = 2, | 792 | NET_BRIDGE_NF_CALL_IPTABLES = 2, |
793 | NET_BRIDGE_NF_CALL_IP6TABLES = 3, | 793 | NET_BRIDGE_NF_CALL_IP6TABLES = 3, |
794 | NET_BRIDGE_NF_FILTER_VLAN_TAGGED = 4, | 794 | NET_BRIDGE_NF_FILTER_VLAN_TAGGED = 4, |
795 | NET_BRIDGE_NF_FILTER_PPPOE_TAGGED = 5, | ||
795 | }; | 796 | }; |
796 | 797 | ||
797 | /* CTL_FS names: */ | 798 | /* CTL_FS names: */ |