diff options
| author | Florian Westphal <fw@strlen.de> | 2015-04-02 08:31:43 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-08 10:49:10 -0400 |
| commit | 383307838d41935841ba6b2e939b968326e2dea1 (patch) | |
| tree | 85a4d1735e895f9549e63a06209b893097ab686c /net | |
| parent | a99074ae1f5cce08c769542440391981899ac04c (diff) | |
netfilter: bridge: add and use nf_bridge_info_get helper
Don't access skb->nf_bridge directly, this pointer will be removed soon.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/br_netfilter.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index ca1cb6704a78..301f12b0a7cd 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
| @@ -124,6 +124,11 @@ struct brnf_frag_data { | |||
| 124 | static DEFINE_PER_CPU(struct brnf_frag_data, brnf_frag_data_storage); | 124 | static DEFINE_PER_CPU(struct brnf_frag_data, brnf_frag_data_storage); |
| 125 | #endif | 125 | #endif |
| 126 | 126 | ||
| 127 | static struct nf_bridge_info *nf_bridge_info_get(const struct sk_buff *skb) | ||
| 128 | { | ||
| 129 | return skb->nf_bridge; | ||
| 130 | } | ||
| 131 | |||
| 127 | static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) | 132 | static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) |
| 128 | { | 133 | { |
| 129 | struct net_bridge_port *port; | 134 | struct net_bridge_port *port; |
| @@ -268,7 +273,7 @@ static void nf_bridge_update_protocol(struct sk_buff *skb) | |||
| 268 | * bridge PRE_ROUTING hook. */ | 273 | * bridge PRE_ROUTING hook. */ |
| 269 | static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) | 274 | static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) |
| 270 | { | 275 | { |
| 271 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 276 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
| 272 | struct rtable *rt; | 277 | struct rtable *rt; |
| 273 | 278 | ||
| 274 | if (nf_bridge->mask & BRNF_PKT_TYPE) { | 279 | if (nf_bridge->mask & BRNF_PKT_TYPE) { |
| @@ -300,7 +305,6 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) | |||
| 300 | */ | 305 | */ |
| 301 | static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) | 306 | static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) |
| 302 | { | 307 | { |
| 303 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | ||
| 304 | struct neighbour *neigh; | 308 | struct neighbour *neigh; |
| 305 | struct dst_entry *dst; | 309 | struct dst_entry *dst; |
| 306 | 310 | ||
| @@ -310,6 +314,7 @@ static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) | |||
| 310 | dst = skb_dst(skb); | 314 | dst = skb_dst(skb); |
| 311 | neigh = dst_neigh_lookup_skb(dst, skb); | 315 | neigh = dst_neigh_lookup_skb(dst, skb); |
| 312 | if (neigh) { | 316 | if (neigh) { |
| 317 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); | ||
| 313 | int ret; | 318 | int ret; |
| 314 | 319 | ||
| 315 | if (neigh->hh.hh_len) { | 320 | if (neigh->hh.hh_len) { |
| @@ -396,7 +401,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) | |||
| 396 | { | 401 | { |
| 397 | struct net_device *dev = skb->dev; | 402 | struct net_device *dev = skb->dev; |
| 398 | struct iphdr *iph = ip_hdr(skb); | 403 | struct iphdr *iph = ip_hdr(skb); |
| 399 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 404 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
| 400 | struct rtable *rt; | 405 | struct rtable *rt; |
| 401 | int err; | 406 | int err; |
| 402 | int frag_max_size; | 407 | int frag_max_size; |
| @@ -488,7 +493,7 @@ static struct net_device *brnf_get_logical_dev(struct sk_buff *skb, const struct | |||
| 488 | /* Some common code for IPv4/IPv6 */ | 493 | /* Some common code for IPv4/IPv6 */ |
| 489 | static struct net_device *setup_pre_routing(struct sk_buff *skb) | 494 | static struct net_device *setup_pre_routing(struct sk_buff *skb) |
| 490 | { | 495 | { |
| 491 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 496 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
| 492 | 497 | ||
| 493 | if (skb->pkt_type == PACKET_OTHERHOST) { | 498 | if (skb->pkt_type == PACKET_OTHERHOST) { |
| 494 | skb->pkt_type = PACKET_HOST; | 499 | skb->pkt_type = PACKET_HOST; |
| @@ -687,7 +692,7 @@ static unsigned int br_nf_local_in(const struct nf_hook_ops *ops, | |||
| 687 | /* PF_BRIDGE/FORWARD *************************************************/ | 692 | /* PF_BRIDGE/FORWARD *************************************************/ |
| 688 | static int br_nf_forward_finish(struct sk_buff *skb) | 693 | static int br_nf_forward_finish(struct sk_buff *skb) |
| 689 | { | 694 | { |
| 690 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 695 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
| 691 | struct net_device *in; | 696 | struct net_device *in; |
| 692 | 697 | ||
| 693 | if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) { | 698 | if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) { |
| @@ -738,6 +743,10 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops, | |||
| 738 | if (!nf_bridge_unshare(skb)) | 743 | if (!nf_bridge_unshare(skb)) |
| 739 | return NF_DROP; | 744 | return NF_DROP; |
| 740 | 745 | ||
| 746 | nf_bridge = nf_bridge_info_get(skb); | ||
| 747 | if (!nf_bridge) | ||
| 748 | return NF_DROP; | ||
| 749 | |||
| 741 | parent = bridge_parent(out); | 750 | parent = bridge_parent(out); |
| 742 | if (!parent) | 751 | if (!parent) |
| 743 | return NF_DROP; | 752 | return NF_DROP; |
| @@ -751,7 +760,6 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops, | |||
| 751 | 760 | ||
| 752 | nf_bridge_pull_encap_header(skb); | 761 | nf_bridge_pull_encap_header(skb); |
| 753 | 762 | ||
| 754 | nf_bridge = skb->nf_bridge; | ||
| 755 | if (skb->pkt_type == PACKET_OTHERHOST) { | 763 | if (skb->pkt_type == PACKET_OTHERHOST) { |
| 756 | skb->pkt_type = PACKET_HOST; | 764 | skb->pkt_type = PACKET_HOST; |
| 757 | nf_bridge->mask |= BRNF_PKT_TYPE; | 765 | nf_bridge->mask |= BRNF_PKT_TYPE; |
| @@ -886,7 +894,7 @@ static unsigned int br_nf_post_routing(const struct nf_hook_ops *ops, | |||
| 886 | const struct net_device *out, | 894 | const struct net_device *out, |
| 887 | int (*okfn)(struct sk_buff *)) | 895 | int (*okfn)(struct sk_buff *)) |
| 888 | { | 896 | { |
| 889 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 897 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
| 890 | struct net_device *realoutdev = bridge_parent(skb->dev); | 898 | struct net_device *realoutdev = bridge_parent(skb->dev); |
| 891 | u_int8_t pf; | 899 | u_int8_t pf; |
| 892 | 900 | ||
| @@ -955,7 +963,7 @@ static unsigned int ip_sabotage_in(const struct nf_hook_ops *ops, | |||
| 955 | */ | 963 | */ |
| 956 | static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) | 964 | static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) |
| 957 | { | 965 | { |
| 958 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 966 | struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); |
| 959 | 967 | ||
| 960 | skb_pull(skb, ETH_HLEN); | 968 | skb_pull(skb, ETH_HLEN); |
| 961 | nf_bridge->mask &= ~BRNF_BRIDGED_DNAT; | 969 | nf_bridge->mask &= ~BRNF_BRIDGED_DNAT; |