netfilter: bridge-netfilter: cleanup br_netfilter.c

bridge-netfilter: cleanup br_netfilter.c - remove some of the graffiti at the head of br_netfilter.c - remove __br_dnat_complain() - remove KERN_INFO messages when CONFIG_NETFILTER_DEBUG is defined Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Bart De Schuymer <bdschuym@pandora.be> 2010-04-13 05:40:41 -0400
committer: Patrick McHardy <kaber@trash.net> 2010-04-13 05:40:41 -0400
commit: 8237908e145b84d4b020790df0f9315d2f71e980 (patch)
tree: d02fade9463953c388d4181ea0ebe58962e656b0 /net/bridge
parent: 22068311b62858ea7eb71653a07564fd73d7a9b0 (diff)
1 files changed, 2 insertions, 56 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index bc6b57248494..dd6f538ba0b0 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -3,15 +3,8 @@
 *      Linux ethernet bridge
 *
 *      Authors:
- *      Lennert Buytenhek               <buytenh@gnu.org>
+ *      Lennert Buytenhek               <buytenh@gnu.org>
- *      Bart De Schuymer (maintainer)   <bdschuym@pandora.be>
+ *      Bart De Schuymer                <bdschuym@pandora.be>
- *
- *      Changes:
- *      Apr 29 2003: physdev module support (bdschuym)
- *      Jun 19 2003: let arptables see bridged ARP traffic (bdschuym)
- *      Oct 06 2003: filter encapsulated IP/ARP VLAN traffic on untagged bridge
- *                   (bdschuym)
- *      Sep 01 2004: add IPv6 filtering (bdschuym)
 *
 *      This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
@@ -252,17 +245,6 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
        return 0;
 }
-static void __br_dnat_complain(void)
-{
-        static unsigned long last_complaint;
-        if (jiffies - last_complaint >= 5 * HZ) {
-                printk(KERN_WARNING "Performing cross-bridge DNAT requires IP "
-                       "forwarding to be enabled\n");
-                last_complaint = jiffies;
-        }
-}
 /* This requires some explaining. If DNAT has taken place,
 * we will need to fix up the destination Ethernet address,
 * and this is a tricky process.
@@ -378,11 +360,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
                                        skb_dst_set(skb, (struct dst_entry *)rt);
                                        goto bridged_dnat;
                                }
-                                /* we are sure that forwarding is disabled, so printing
-                                 * this message is no problem. Note that the packet could
-                                 * still have a martian destination address, in which case
-                                 * the packet could be dropped even if forwarding were enabled */
-                                __br_dnat_complain();
                                dst_release((struct dst_entry *)rt);
                        }
 free_skb:
@@ -820,17 +797,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
        struct net_device *realoutdev = bridge_parent(skb->dev);
        u_int8_t pf;
-#ifdef CONFIG_NETFILTER_DEBUG
-        /* Be very paranoid. This probably won't happen anymore, but let's
-         * keep the check just to be sure... */
-        if (skb_mac_header(skb) < skb->head ||
-            skb_mac_header(skb) + ETH_HLEN > skb->data) {
-                printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: "
-                       "bad mac.raw pointer.\n");
-                goto print_error;
-        }
-#endif
        if (!nf_bridge)
                return NF_ACCEPT;
@@ -849,13 +815,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
        else
                return NF_ACCEPT;
-#ifdef CONFIG_NETFILTER_DEBUG
-        if (skb_dst(skb) == NULL) {
-                printk(KERN_INFO "br_netfilter post_routing: skb->dst == NULL\n");
-                goto print_error;
-        }
-#endif
        /* We assume any code from br_dev_queue_push_xmit onwards doesn't care
         * about the value of skb->pkt_type. */
        if (skb->pkt_type == PACKET_OTHERHOST) {
@@ -870,19 +829,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
                br_nf_dev_queue_xmit);
        return NF_STOLEN;
-#ifdef CONFIG_NETFILTER_DEBUG
-print_error:
-        if (skb->dev != NULL) {
-                printk("[%s]", skb->dev->name);
-                if (realoutdev)
-                        printk("[%s]", realoutdev->name);
-        }
-        printk(" head:%p, raw:%p, data:%p\n", skb->head, skb_mac_header(skb),
-               skb->data);
-        dump_stack();
-        return NF_ACCEPT;
-#endif
 }
 /* IP/SABOTAGE *****************************************************/
author	Bart De Schuymer <bdschuym@pandora.be>	2010-04-13 05:40:41 -0400
committer	Patrick McHardy <kaber@trash.net>	2010-04-13 05:40:41 -0400
commit	8237908e145b84d4b020790df0f9315d2f71e980 (patch)
tree	d02fade9463953c388d4181ea0ebe58962e656b0 /net/bridge
parent	22068311b62858ea7eb71653a07564fd73d7a9b0 (diff)

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index bc6b57248494..dd6f538ba0b0 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c
@@ -3,15 +3,8 @@
3	* Linux ethernet bridge	3	* Linux ethernet bridge
4	*	4	*
5	* Authors:	5	* Authors:
6	* Lennert Buytenhek <buytenh@gnu.org>	6	* Lennert Buytenhek <buytenh@gnu.org>
7	* Bart De Schuymer (maintainer) <bdschuym@pandora.be>	7	* Bart De Schuymer <bdschuym@pandora.be>
8	*
9	* Changes:
10	* Apr 29 2003: physdev module support (bdschuym)
11	* Jun 19 2003: let arptables see bridged ARP traffic (bdschuym)
12	* Oct 06 2003: filter encapsulated IP/ARP VLAN traffic on untagged bridge
13	* (bdschuym)
14	* Sep 01 2004: add IPv6 filtering (bdschuym)
15	*	8	*
16	* This program is free software; you can redistribute it and/or	9	* This program is free software; you can redistribute it and/or
17	* modify it under the terms of the GNU General Public License	10	* modify it under the terms of the GNU General Public License
@@ -252,17 +245,6 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
252	return 0;	245	return 0;
253	}	246	}
254		247
255	static void __br_dnat_complain(void)
256	{
257	static unsigned long last_complaint;
258
259	if (jiffies - last_complaint >= 5 * HZ) {
260	printk(KERN_WARNING "Performing cross-bridge DNAT requires IP "
261	"forwarding to be enabled\n");
262	last_complaint = jiffies;
263	}
264	}
265
266	/* This requires some explaining. If DNAT has taken place,	248	/* This requires some explaining. If DNAT has taken place,
267	* we will need to fix up the destination Ethernet address,	249	* we will need to fix up the destination Ethernet address,
268	* and this is a tricky process.	250	* and this is a tricky process.
@@ -378,11 +360,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
378	skb_dst_set(skb, (struct dst_entry *)rt);	360	skb_dst_set(skb, (struct dst_entry *)rt);
379	goto bridged_dnat;	361	goto bridged_dnat;
380	}	362	}
381	/* we are sure that forwarding is disabled, so printing
382	* this message is no problem. Note that the packet could
383	* still have a martian destination address, in which case
384	* the packet could be dropped even if forwarding were enabled */
385	__br_dnat_complain();
386	dst_release((struct dst_entry *)rt);	363	dst_release((struct dst_entry *)rt);
387	}	364	}
388	free_skb:	365	free_skb:
@@ -820,17 +797,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
820	struct net_device *realoutdev = bridge_parent(skb->dev);	797	struct net_device *realoutdev = bridge_parent(skb->dev);
821	u_int8_t pf;	798	u_int8_t pf;
822		799
823	#ifdef CONFIG_NETFILTER_DEBUG
824	/* Be very paranoid. This probably won't happen anymore, but let's
825	* keep the check just to be sure... */
826	if (skb_mac_header(skb) < skb->head \|\|
827	skb_mac_header(skb) + ETH_HLEN > skb->data) {
828	printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: "
829	"bad mac.raw pointer.\n");
830	goto print_error;
831	}
832	#endif
833
834	if (!nf_bridge)	800	if (!nf_bridge)
835	return NF_ACCEPT;	801	return NF_ACCEPT;
836		802
@@ -849,13 +815,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
849	else	815	else
850	return NF_ACCEPT;	816	return NF_ACCEPT;
851		817
852	#ifdef CONFIG_NETFILTER_DEBUG
853	if (skb_dst(skb) == NULL) {
854	printk(KERN_INFO "br_netfilter post_routing: skb->dst == NULL\n");
855	goto print_error;
856	}
857	#endif
858
859	/* We assume any code from br_dev_queue_push_xmit onwards doesn't care	818	/* We assume any code from br_dev_queue_push_xmit onwards doesn't care
860	* about the value of skb->pkt_type. */	819	* about the value of skb->pkt_type. */
861	if (skb->pkt_type == PACKET_OTHERHOST) {	820	if (skb->pkt_type == PACKET_OTHERHOST) {
@@ -870,19 +829,6 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
870	br_nf_dev_queue_xmit);	829	br_nf_dev_queue_xmit);
871		830
872	return NF_STOLEN;	831	return NF_STOLEN;
873
874	#ifdef CONFIG_NETFILTER_DEBUG
875	print_error:
876	if (skb->dev != NULL) {
877	printk("[%s]", skb->dev->name);
878	if (realoutdev)
879	printk("[%s]", realoutdev->name);
880	}
881	printk(" head:%p, raw:%p, data:%p\n", skb->head, skb_mac_header(skb),
882	skb->data);
883	dump_stack();
884	return NF_ACCEPT;
885	#endif
886	}	832	}
887		833
888	/* IP/SABOTAGE *****************************************************/	834	/* IP/SABOTAGE *****************************************************/