4 files changed, 51 insertions, 30 deletions
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index d9449df7cad5..9b58d70b0e7d 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -68,10 +68,17 @@ static int br_dev_stop(struct net_device *dev)
 static int br_change_mtu(struct net_device *dev, int new_mtu)
 {
-        if (new_mtu < 68 || new_mtu > br_min_mtu(netdev_priv(dev)))
+        struct net_bridge *br = netdev_priv(dev);
+        if (new_mtu < 68 || new_mtu > br_min_mtu(br))
                return -EINVAL;
        dev->mtu = new_mtu;
+#ifdef CONFIG_BRIDGE_NETFILTER
+        /* remember the MTU in the rtable for PMTU */
+        br->fake_rtable.u.dst.metrics[RTAX_MTU - 1] = new_mtu;
+#endif
        return 0;
 }
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index a072ea5ca6f5..63c18aacde8c 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -202,6 +202,9 @@ static struct net_device *new_bridge_dev(const char *name)
        br->topology_change = 0;
        br->topology_change_detected = 0;
        br->ageing_time = 300 * HZ;
+        br_netfilter_rtable_init(br);
        INIT_LIST_HEAD(&br->age_list);
        br_stp_timer_init(br);
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index bb90cd7bace3..6e280a8a31ee 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -101,33 +101,30 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
         pppoe_proto(skb) == htons(PPP_IPV6) && \
         brnf_filter_pppoe_tagged)
-/* We need these fake structures to make netfilter happy --
+/*
- * lots of places assume that skb->dst != NULL, which isn't
+ * Initialize bogus route table used to keep netfilter happy.
- * all that unreasonable.
- *
 * Currently, we fill in the PMTU entry because netfilter
 * refragmentation needs it, and the rt_flags entry because
 * ipt_REJECT needs it.  Future netfilter modules might
- * require us to fill additional fields. */
+ * require us to fill additional fields.
-static struct net_device __fake_net_device = {
+ */
-        .hard_header_len        = ETH_HLEN,
+void br_netfilter_rtable_init(struct net_bridge *br)
-#ifdef CONFIG_NET_NS
+{
-        .nd_net                 = &init_net,
+        struct rtable *rt = &br->fake_rtable;
-#endif
-};
-static struct rtable __fake_rtable = {
+        atomic_set(&rt->u.dst.__refcnt, 1);
-        .u = {
+        rt->u.dst.dev = &br->dev;
-                .dst = {
+        rt->u.dst.path = &rt->u.dst;
-                        .__refcnt               = ATOMIC_INIT(1),
+        rt->u.dst.metrics[RTAX_MTU - 1] = 1500;
-                        .dev                    = &__fake_net_device,
+        rt->u.dst.flags = DST_NOXFRM;
-                        .path                   = &__fake_rtable.u.dst,
+}
-                        .metrics                = {[RTAX_MTU - 1] = 1500},
-                        .flags                  = DST_NOXFRM,
+static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
-                }
+{
-        },
+        struct net_bridge_port *port = rcu_dereference(dev->br_port);
-        .rt_flags       = 0,
-};
+        return port ? &port->br->fake_rtable : NULL;
+}
 static inline struct net_device *bridge_parent(const struct net_device *dev)
 {
@@ -226,8 +223,12 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
        }
        nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
-        skb->rtable = &__fake_rtable;
+        skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
-        dst_hold(&__fake_rtable.u.dst);
+        if (!skb->rtable) {
+                kfree_skb(skb);
+                return 0;
+        }
+        dst_hold(&skb->rtable->u.dst);
        skb->dev = nf_bridge->physindev;
        nf_bridge_push_encap_header(skb);
@@ -391,8 +392,12 @@ bridged_dnat:
                        skb->pkt_type = PACKET_HOST;
                }
        } else {
-                skb->rtable = &__fake_rtable;
+                skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
-                dst_hold(&__fake_rtable.u.dst);
+                if (!skb->rtable) {
+                        kfree_skb(skb);
+                        return 0;
+                }
+                dst_hold(&skb->rtable->u.dst);
        }
        skb->dev = nf_bridge->physindev;
@@ -611,8 +616,8 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
                                   const struct net_device *out,
                                   int (*okfn)(struct sk_buff *))
 {
-        if (skb->rtable == &__fake_rtable) {
+        if (skb->rtable && skb->rtable == bridge_parent_rtable(in)) {
-                dst_release(&__fake_rtable.u.dst);
+                dst_release(&skb->rtable->u.dst);
                skb->rtable = NULL;
        }
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 815ed38925b2..c3dc18ddc043 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -15,6 +15,7 @@
 #include <linux/netdevice.h>
 #include <linux/if_bridge.h>
+#include <net/route.h>
 #define BR_HASH_BITS 8
 #define BR_HASH_SIZE (1 << BR_HASH_BITS)
@@ -92,6 +93,9 @@ struct net_bridge
        struct hlist_head               hash[BR_HASH_SIZE];
        struct list_head                age_list;
        unsigned long                   feature_mask;
+#ifdef CONFIG_BRIDGE_NETFILTER
+        struct rtable                   fake_rtable;
+#endif
        unsigned long                   flags;
 #define BR_SET_MAC_ADDR         0x00000001
@@ -197,9 +201,11 @@ extern int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __us
 #ifdef CONFIG_BRIDGE_NETFILTER
 extern int br_netfilter_init(void);
 extern void br_netfilter_fini(void);
+extern void br_netfilter_rtable_init(struct net_bridge *);
 #else
 #define br_netfilter_init()     (0)
 #define br_netfilter_fini()     do { } while(0)
+#define br_netfilter_rtable_init(x)
 #endif
 /* br_stp.c */

diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index d9449df7cad5..9b58d70b0e7d 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c
@@ -68,10 +68,17 @@ static int br_dev_stop(struct net_device *dev)
68		68
69	static int br_change_mtu(struct net_device *dev, int new_mtu)	69	static int br_change_mtu(struct net_device *dev, int new_mtu)
70	{	70	{
71	if (new_mtu < 68 \|\| new_mtu > br_min_mtu(netdev_priv(dev)))	71	struct net_bridge *br = netdev_priv(dev);
		72	if (new_mtu < 68 \|\| new_mtu > br_min_mtu(br))
72	return -EINVAL;	73	return -EINVAL;
73		74
74	dev->mtu = new_mtu;	75	dev->mtu = new_mtu;
		76
		77	#ifdef CONFIG_BRIDGE_NETFILTER
		78	/* remember the MTU in the rtable for PMTU */
		79	br->fake_rtable.u.dst.metrics[RTAX_MTU - 1] = new_mtu;
		80	#endif
		81
75	return 0;	82	return 0;
76	}	83	}
77		84


diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c index a072ea5ca6f5..63c18aacde8c 100644 --- a/net/bridge/br_if.c +++ b/net/bridge/br_if.c
@@ -202,6 +202,9 @@ static struct net_device new_bridge_dev(const char name)
202	br->topology_change = 0;	202	br->topology_change = 0;
203	br->topology_change_detected = 0;	203	br->topology_change_detected = 0;
204	br->ageing_time = 300 * HZ;	204	br->ageing_time = 300 * HZ;
		205
		206	br_netfilter_rtable_init(br);
		207
205	INIT_LIST_HEAD(&br->age_list);	208	INIT_LIST_HEAD(&br->age_list);
206		209
207	br_stp_timer_init(br);	210	br_stp_timer_init(br);


diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index bb90cd7bace3..6e280a8a31ee 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c
@@ -101,33 +101,30 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
101	pppoe_proto(skb) == htons(PPP_IPV6) && \	101	pppoe_proto(skb) == htons(PPP_IPV6) && \
102	brnf_filter_pppoe_tagged)	102	brnf_filter_pppoe_tagged)
103		103
104	/* We need these fake structures to make netfilter happy --	104	/*
105	* lots of places assume that skb->dst != NULL, which isn't	105	* Initialize bogus route table used to keep netfilter happy.
106	* all that unreasonable.
107	*
108	* Currently, we fill in the PMTU entry because netfilter	106	* Currently, we fill in the PMTU entry because netfilter
109	* refragmentation needs it, and the rt_flags entry because	107	* refragmentation needs it, and the rt_flags entry because
110	* ipt_REJECT needs it. Future netfilter modules might	108	* ipt_REJECT needs it. Future netfilter modules might
111	* require us to fill additional fields. */	109	* require us to fill additional fields.
112	static struct net_device __fake_net_device = {	110	*/
113	.hard_header_len = ETH_HLEN,	111	void br_netfilter_rtable_init(struct net_bridge *br)
114	#ifdef CONFIG_NET_NS	112	{
115	.nd_net = &init_net,	113	struct rtable *rt = &br->fake_rtable;
116	#endif
117	};
118		114
119	static struct rtable __fake_rtable = {	115	atomic_set(&rt->u.dst.__refcnt, 1);
120	.u = {	116	rt->u.dst.dev = &br->dev;
121	.dst = {	117	rt->u.dst.path = &rt->u.dst;
122	.__refcnt = ATOMIC_INIT(1),	118	rt->u.dst.metrics[RTAX_MTU - 1] = 1500;
123	.dev = &__fake_net_device,	119	rt->u.dst.flags = DST_NOXFRM;
124	.path = &__fake_rtable.u.dst,	120	}
125	.metrics = {[RTAX_MTU - 1] = 1500},	121
126	.flags = DST_NOXFRM,	122	static inline struct rtable bridge_parent_rtable(const struct net_device dev)
127	}	123	{
128	},	124	struct net_bridge_port *port = rcu_dereference(dev->br_port);
129	.rt_flags = 0,	125
130	};	126	return port ? &port->br->fake_rtable : NULL;
		127	}
131		128
132	static inline struct net_device bridge_parent(const struct net_device dev)	129	static inline struct net_device bridge_parent(const struct net_device dev)
133	{	130	{
@@ -226,8 +223,12 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
226	}	223	}
227	nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;	224	nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
228		225
229	skb->rtable = &__fake_rtable;	226	skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
230	dst_hold(&__fake_rtable.u.dst);	227	if (!skb->rtable) {
		228	kfree_skb(skb);
		229	return 0;
		230	}
		231	dst_hold(&skb->rtable->u.dst);
231		232
232	skb->dev = nf_bridge->physindev;	233	skb->dev = nf_bridge->physindev;
233	nf_bridge_push_encap_header(skb);	234	nf_bridge_push_encap_header(skb);
@@ -391,8 +392,12 @@ bridged_dnat:
391	skb->pkt_type = PACKET_HOST;	392	skb->pkt_type = PACKET_HOST;
392	}	393	}
393	} else {	394	} else {
394	skb->rtable = &__fake_rtable;	395	skb->rtable = bridge_parent_rtable(nf_bridge->physindev);
395	dst_hold(&__fake_rtable.u.dst);	396	if (!skb->rtable) {
		397	kfree_skb(skb);
		398	return 0;
		399	}
		400	dst_hold(&skb->rtable->u.dst);
396	}	401	}
397		402
398	skb->dev = nf_bridge->physindev;	403	skb->dev = nf_bridge->physindev;
@@ -611,8 +616,8 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
611	const struct net_device *out,	616	const struct net_device *out,
612	int (okfn)(struct sk_buff ))	617	int (okfn)(struct sk_buff ))
613	{	618	{
614	if (skb->rtable == &__fake_rtable) {	619	if (skb->rtable && skb->rtable == bridge_parent_rtable(in)) {
615	dst_release(&__fake_rtable.u.dst);	620	dst_release(&skb->rtable->u.dst);
616	skb->rtable = NULL;	621	skb->rtable = NULL;
617	}	622	}
618		623


diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h index 815ed38925b2..c3dc18ddc043 100644 --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h
@@ -15,6 +15,7 @@
15		15
16	#include <linux/netdevice.h>	16	#include <linux/netdevice.h>
17	#include <linux/if_bridge.h>	17	#include <linux/if_bridge.h>
		18	#include <net/route.h>
18		19
19	#define BR_HASH_BITS 8	20	#define BR_HASH_BITS 8
20	#define BR_HASH_SIZE (1 << BR_HASH_BITS)	21	#define BR_HASH_SIZE (1 << BR_HASH_BITS)
@@ -92,6 +93,9 @@ struct net_bridge
92	struct hlist_head hash[BR_HASH_SIZE];	93	struct hlist_head hash[BR_HASH_SIZE];
93	struct list_head age_list;	94	struct list_head age_list;
94	unsigned long feature_mask;	95	unsigned long feature_mask;
		96	#ifdef CONFIG_BRIDGE_NETFILTER
		97	struct rtable fake_rtable;
		98	#endif
95	unsigned long flags;	99	unsigned long flags;
96	#define BR_SET_MAC_ADDR 0x00000001	100	#define BR_SET_MAC_ADDR 0x00000001
97		101
@@ -197,9 +201,11 @@ extern int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __us
197	#ifdef CONFIG_BRIDGE_NETFILTER	201	#ifdef CONFIG_BRIDGE_NETFILTER
198	extern int br_netfilter_init(void);	202	extern int br_netfilter_init(void);
199	extern void br_netfilter_fini(void);	203	extern void br_netfilter_fini(void);
		204	extern void br_netfilter_rtable_init(struct net_bridge *);
200	#else	205	#else
201	#define br_netfilter_init() (0)	206	#define br_netfilter_init() (0)
202	#define br_netfilter_fini() do { } while(0)	207	#define br_netfilter_fini() do { } while(0)
		208	#define br_netfilter_rtable_init(x)
203	#endif	209	#endif
204		210
205	/* br_stp.c */	211	/* br_stp.c */