12 files changed, 267 insertions, 57 deletions
diff --git a/net/bridge/br.c b/net/bridge/br.c
index f8f184942aaf..188cc1ac49eb 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -67,3 +67,4 @@ EXPORT_SYMBOL(br_should_route_hook);
 module_init(br_init)
 module_exit(br_deinit)
 MODULE_LICENSE("GPL");
+MODULE_VERSION(BR_VERSION);
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index f564ee99782d..0b33a7b3a00c 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -15,7 +15,9 @@
 #include <linux/kernel.h>
 #include <linux/netdevice.h>
-#include <linux/module.h>
+#include <linux/etherdevice.h>
+#include <linux/ethtool.h>
 #include <asm/uaccess.h>
 #include "br_private.h"
@@ -82,6 +84,87 @@ static int br_change_mtu(struct net_device *dev, int new_mtu)
        return 0;
 }
+/* Allow setting mac address of pseudo-bridge to be same as
+ * any of the bound interfaces
+ */
+static int br_set_mac_address(struct net_device *dev, void *p)
+{
+        struct net_bridge *br = netdev_priv(dev);
+        struct sockaddr *addr = p;
+        struct net_bridge_port *port;
+        int err = -EADDRNOTAVAIL;
+        spin_lock_bh(&br->lock);
+        list_for_each_entry(port, &br->port_list, list) {
+                if (!compare_ether_addr(port->dev->dev_addr, addr->sa_data)) {
+                        br_stp_change_bridge_id(br, addr->sa_data);
+                        err = 0;
+                        break;
+                }
+        }
+        spin_unlock_bh(&br->lock);
+        return err;
+}
+static void br_getinfo(struct net_device *dev, struct ethtool_drvinfo *info)
+{
+        strcpy(info->driver, "bridge");
+        strcpy(info->version, BR_VERSION);
+        strcpy(info->fw_version, "N/A");
+        strcpy(info->bus_info, "N/A");
+}
+static int br_set_sg(struct net_device *dev, u32 data)
+{
+        struct net_bridge *br = netdev_priv(dev);
+        if (data)
+                br->feature_mask |= NETIF_F_SG;
+        else
+                br->feature_mask &= ~NETIF_F_SG;
+        br_features_recompute(br);
+        return 0;
+}
+static int br_set_tso(struct net_device *dev, u32 data)
+{
+        struct net_bridge *br = netdev_priv(dev);
+        if (data)
+                br->feature_mask |= NETIF_F_TSO;
+        else
+                br->feature_mask &= ~NETIF_F_TSO;
+        br_features_recompute(br);
+        return 0;
+}
+static int br_set_tx_csum(struct net_device *dev, u32 data)
+{
+        struct net_bridge *br = netdev_priv(dev);
+        if (data)
+                br->feature_mask |= NETIF_F_IP_CSUM;
+        else
+                br->feature_mask &= ~NETIF_F_IP_CSUM;
+        br_features_recompute(br);
+        return 0;
+}
+static struct ethtool_ops br_ethtool_ops = {
+        .get_drvinfo = br_getinfo,
+        .get_link = ethtool_op_get_link,
+        .get_sg = ethtool_op_get_sg,
+        .set_sg = br_set_sg,
+        .get_tx_csum = ethtool_op_get_tx_csum,
+        .set_tx_csum = br_set_tx_csum,
+        .get_tso = ethtool_op_get_tso,
+        .set_tso = br_set_tso,
+};
 void br_dev_setup(struct net_device *dev)
 {
        memset(dev->dev_addr, 0, ETH_ALEN);
@@ -96,8 +179,12 @@ void br_dev_setup(struct net_device *dev)
        dev->change_mtu = br_change_mtu;
        dev->destructor = free_netdev;
        SET_MODULE_OWNER(dev);
+        SET_ETHTOOL_OPS(dev, &br_ethtool_ops);
        dev->stop = br_dev_stop;
        dev->tx_queue_len = 0;
-        dev->set_mac_address = NULL;
+        dev->set_mac_address = br_set_mac_address;
        dev->priv_flags = IFF_EBRIDGE;
+        dev->features = NETIF_F_SG | NETIF_F_FRAGLIST
+                | NETIF_F_HIGHDMA | NETIF_F_TSO | NETIF_F_IP_CSUM;
 }
diff --git a/net/bridge/br_if.c b/net/bridge/br_if.c
index 975abe254b7a..11321197338e 100644
--- a/net/bridge/br_if.c
+++ b/net/bridge/br_if.c
@@ -32,9 +32,8 @@
 * ethtool, use ethtool_ops.  Also, since driver might sleep need to
 * not be holding any locks.
 */
-static int br_initial_port_cost(struct net_device *dev)
+static int port_cost(struct net_device *dev)
 {
        struct ethtool_cmd ecmd = { ETHTOOL_GSET };
        struct ifreq ifr;
        mm_segment_t old_fs;
@@ -58,10 +57,6 @@ static int br_initial_port_cost(struct net_device *dev)
                        return 2;
                case SPEED_10:
                        return 100;
-                default:
-                        pr_info("bridge: can't decode speed from %s: %d\n",
-                                dev->name, ecmd.speed);
-                        return 100;
                }
        }
@@ -75,6 +70,35 @@ static int br_initial_port_cost(struct net_device *dev)
        return 100;     /* assume old 10Mbps */
 }
+/*
+ * Check for port carrier transistions.
+ * Called from work queue to allow for calling functions that
+ * might sleep (such as speed check), and to debounce.
+ */
+static void port_carrier_check(void *arg)
+{
+        struct net_bridge_port *p = arg;
+        rtnl_lock();
+        if (netif_carrier_ok(p->dev)) {
+                u32 cost = port_cost(p->dev);
+                spin_lock_bh(&p->br->lock);
+                if (p->state == BR_STATE_DISABLED) {
+                        p->path_cost = cost;
+                        br_stp_enable_port(p);
+                }
+                spin_unlock_bh(&p->br->lock);
+        } else {
+                spin_lock_bh(&p->br->lock);
+                if (p->state != BR_STATE_DISABLED)
+                        br_stp_disable_port(p);
+                spin_unlock_bh(&p->br->lock);
+        }
+        rtnl_unlock();
+}
 static void destroy_nbp(struct net_bridge_port *p)
 {
        struct net_device *dev = p->dev;
@@ -102,6 +126,9 @@ static void del_nbp(struct net_bridge_port *p)
        dev->br_port = NULL;
        dev_set_promiscuity(dev, -1);
+        cancel_delayed_work(&p->carrier_check);
+        flush_scheduled_work();
        spin_lock_bh(&br->lock);
        br_stp_disable_port(p);
        spin_unlock_bh(&br->lock);
@@ -155,6 +182,7 @@ static struct net_device *new_bridge_dev(const char *name)
        br->bridge_id.prio[1] = 0x00;
        memset(br->bridge_id.addr, 0, ETH_ALEN);
+        br->feature_mask = dev->features;
        br->stp_enabled = 0;
        br->designated_root = br->bridge_id;
        br->root_path_cost = 0;
@@ -195,10 +223,9 @@ static int find_portno(struct net_bridge *br)
        return (index >= BR_MAX_PORTS) ? -EXFULL : index;
 }
-/* called with RTNL */
+/* called with RTNL but without bridge lock */
 static struct net_bridge_port *new_nbp(struct net_bridge *br, 
-                                       struct net_device *dev,
+                                       struct net_device *dev)
-                                       unsigned long cost)
 {
        int index;
        struct net_bridge_port *p;
@@ -215,12 +242,13 @@ static struct net_bridge_port *new_nbp(struct net_bridge *br,
        p->br = br;
        dev_hold(dev);
        p->dev = dev;
-        p->path_cost = cost;
+        p->path_cost = port_cost(dev);
        p->priority = 0x8000 >> BR_PORT_BITS;
        dev->br_port = p;
        p->port_no = index;
        br_init_port(p);
        p->state = BR_STATE_DISABLED;
+        INIT_WORK(&p->carrier_check, port_carrier_check, p);
        kobject_init(&p->kobj);
        return p;
@@ -322,9 +350,8 @@ void br_features_recompute(struct net_bridge *br)
        struct net_bridge_port *p;
        unsigned long features, checksum;
-        features = NETIF_F_SG | NETIF_F_FRAGLIST 
+        features = br->feature_mask &~ NETIF_F_IP_CSUM;
-                | NETIF_F_HIGHDMA | NETIF_F_TSO;
+        checksum = br->feature_mask & NETIF_F_IP_CSUM;
-        checksum = NETIF_F_IP_CSUM;     /* least commmon subset */
        list_for_each_entry(p, &br->port_list, list) {
                if (!(p->dev->features 
@@ -351,7 +378,7 @@ int br_add_if(struct net_bridge *br, struct net_device *dev)
        if (dev->br_port != NULL)
                return -EBUSY;
-        if (IS_ERR(p = new_nbp(br, dev, br_initial_port_cost(dev))))
+        if (IS_ERR(p = new_nbp(br, dev)))
                return PTR_ERR(p);
        if ((err = br_fdb_insert(br, p, dev->dev_addr)))
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index b88220a64cd8..c387852f753a 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -53,6 +53,11 @@ int br_handle_frame_finish(struct sk_buff *skb)
        /* insert into forwarding database after filtering to avoid spoofing */
        br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
+        if (p->state == BR_STATE_LEARNING) {
+                kfree_skb(skb);
+                goto out;
+        }
        if (br->dev->flags & IFF_PROMISC) {
                struct sk_buff *skb2;
@@ -107,9 +112,6 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
        if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
                goto err;
-        if (p->state == BR_STATE_LEARNING)
-                br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
        if (p->br->stp_enabled &&
            !memcmp(dest, bridge_ula, 5) &&
            !(dest[5] & 0xF0)) {
@@ -118,9 +120,10 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
                                NULL, br_stp_handle_bpdu);
                        return 1;
                }
+                goto err;
        }
-        else if (p->state == BR_STATE_FORWARDING) {
+        if (p->state == BR_STATE_FORWARDING || p->state == BR_STATE_LEARNING) {
                if (br_should_route_hook) {
                        if (br_should_route_hook(pskb)) 
                                return 0;
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 23422bd53a5e..223f8270daee 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -26,6 +26,7 @@
 #include <linux/ip.h>
 #include <linux/netdevice.h>
 #include <linux/skbuff.h>
+#include <linux/if_arp.h>
 #include <linux/if_ether.h>
 #include <linux/if_vlan.h>
 #include <linux/netfilter_bridge.h>
@@ -33,8 +34,11 @@
 #include <linux/netfilter_ipv6.h>
 #include <linux/netfilter_arp.h>
 #include <linux/in_route.h>
 #include <net/ip.h>
 #include <net/ipv6.h>
+#include <net/route.h>
 #include <asm/uaccess.h>
 #include <asm/checksum.h>
 #include "br_private.h"
diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c
index 917311c6828b..a43a9c1d50d7 100644
--- a/net/bridge/br_notify.c
+++ b/net/bridge/br_notify.c
@@ -52,17 +52,9 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
                br_stp_recalculate_bridge_id(br);
                break;
-        case NETDEV_CHANGE:     /* device is up but carrier changed */
+        case NETDEV_CHANGE:
-                if (!(br->dev->flags & IFF_UP))
+                if (br->dev->flags & IFF_UP)
-                        break;
+                        schedule_delayed_work(&p->carrier_check, BR_PORT_DEBOUNCE);
-                if (netif_carrier_ok(dev)) {
-                        if (p->state == BR_STATE_DISABLED)
-                                br_stp_enable_port(p);
-                } else {
-                        if (p->state != BR_STATE_DISABLED)
-                                br_stp_disable_port(p);
-                }
                break;
        case NETDEV_FEAT_CHANGE:
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index bdf95a74d8cd..c5bd631ffcd5 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -27,6 +27,10 @@
 #define BR_PORT_BITS    10
 #define BR_MAX_PORTS    (1<<BR_PORT_BITS)
+#define BR_PORT_DEBOUNCE (HZ/10)
+#define BR_VERSION      "2.1"
 typedef struct bridge_id bridge_id;
 typedef struct mac_addr mac_addr;
 typedef __u16 port_id;
@@ -78,6 +82,7 @@ struct net_bridge_port
        struct timer_list               hold_timer;
        struct timer_list               message_age_timer;
        struct kobject                  kobj;
+        struct work_struct              carrier_check;
        struct rcu_head                 rcu;
 };
@@ -90,6 +95,7 @@ struct net_bridge
        spinlock_t                      hash_lock;
        struct hlist_head               hash[BR_HASH_SIZE];
        struct list_head                age_list;
+        unsigned long                   feature_mask;
        /* STP */
        bridge_id                       designated_root;
@@ -201,6 +207,7 @@ extern void br_stp_disable_bridge(struct net_bridge *br);
 extern void br_stp_enable_port(struct net_bridge_port *p);
 extern void br_stp_disable_port(struct net_bridge_port *p);
 extern void br_stp_recalculate_bridge_id(struct net_bridge *br);
+extern void br_stp_change_bridge_id(struct net_bridge *br, const unsigned char *a);
 extern void br_stp_set_bridge_priority(struct net_bridge *br,
                                       u16 newprio);
 extern void br_stp_set_port_priority(struct net_bridge_port *p,
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index ac09b6a23523..cc047f7fb6ef 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -120,8 +120,7 @@ void br_stp_disable_port(struct net_bridge_port *p)
 }
 /* called under bridge lock */
-static void br_stp_change_bridge_id(struct net_bridge *br, 
+void br_stp_change_bridge_id(struct net_bridge *br, const unsigned char *addr)
-                                    const unsigned char *addr)
 {
        unsigned char oldaddr[6];
        struct net_bridge_port *p;
@@ -158,7 +157,7 @@ void br_stp_recalculate_bridge_id(struct net_bridge *br)
        list_for_each_entry(p, &br->port_list, list) {
                if (addr == br_mac_zero ||
-                    compare_ether_addr(p->dev->dev_addr, addr) < 0)
+                    memcmp(p->dev->dev_addr, addr, ETH_ALEN) < 0)
                        addr = p->dev->dev_addr;
        }
diff --git a/net/bridge/br_sysfs_if.c b/net/bridge/br_sysfs_if.c
index f6a19d53eaeb..2ebdc23bbe26 100644
--- a/net/bridge/br_sysfs_if.c
+++ b/net/bridge/br_sysfs_if.c
@@ -248,7 +248,7 @@ int br_sysfs_addif(struct net_bridge_port *p)
        if (err)
                goto out2;
-        kobject_hotplug(&p->kobj, KOBJ_ADD);
+        kobject_uevent(&p->kobj, KOBJ_ADD);
        return 0;
 out2:
        kobject_del(&p->kobj);
@@ -260,7 +260,7 @@ void br_sysfs_removeif(struct net_bridge_port *p)
 {
        pr_debug("br_sysfs_removeif\n");
        sysfs_remove_link(&p->br->ifobj, p->dev->name);
-        kobject_hotplug(&p->kobj, KOBJ_REMOVE);
+        kobject_uevent(&p->kobj, KOBJ_REMOVE);
        kobject_del(&p->kobj);
 }
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
index c70b3be23026..b84fc6075fe1 100644
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -196,9 +196,13 @@ config BRIDGE_EBT_LOG
          To compile it as a module, choose M here.  If unsure, say N.
 config BRIDGE_EBT_ULOG
-        tristate "ebt: ulog support"
+        tristate "ebt: ulog support (OBSOLETE)"
        depends on BRIDGE_NF_EBTABLES
        help
+          This option enables the old bridge-specific "ebt_ulog" implementation
+          which has been obsoleted by the new "nfnetlink_log" code (see
+          CONFIG_NETFILTER_NETLINK_LOG).
          This option adds the ulog watcher, that you can use in any rule
          in any ebtables table. The packet is passed to a userspace
          logging daemon using netlink multicast sockets. This differs
diff --git a/net/bridge/netfilter/ebt_log.c b/net/bridge/netfilter/ebt_log.c
index 662975be3d1d..9f6e0193ae10 100644
--- a/net/bridge/netfilter/ebt_log.c
+++ b/net/bridge/netfilter/ebt_log.c
@@ -3,13 +3,16 @@
 *
 *      Authors:
 *      Bart De Schuymer <bdschuym@pandora.be>
+ *      Harald Welte <laforge@netfilter.org>
 *
 *  April, 2002
 *
 */
+#include <linux/in.h>
 #include <linux/netfilter_bridge/ebtables.h>
 #include <linux/netfilter_bridge/ebt_log.h>
+#include <linux/netfilter.h>
 #include <linux/module.h>
 #include <linux/ip.h>
 #include <linux/if_arp.h>
@@ -55,27 +58,30 @@ static void print_MAC(unsigned char *p)
 }
 #define myNIPQUAD(a) a[0], a[1], a[2], a[3]
-static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
+static void
-   const struct net_device *in, const struct net_device *out,
+ebt_log_packet(unsigned int pf, unsigned int hooknum,
-   const void *data, unsigned int datalen)
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *loginfo,
+   const char *prefix)
 {
-        struct ebt_log_info *info = (struct ebt_log_info *)data;
+        unsigned int bitmask;
-        char level_string[4] = "< >";
-        level_string[1] = '0' + info->loglevel;
        spin_lock_bh(&ebt_log_lock);
-        printk(level_string);
+        printk("<%c>%s IN=%s OUT=%s MAC source = ", '0' + loginfo->u.log.level,
-        printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "",
+               prefix, in ? in->name : "", out ? out->name : "");
-           out ? out->name : "");
-        printk("MAC source = ");
        print_MAC(eth_hdr(skb)->h_source);
        printk("MAC dest = ");
        print_MAC(eth_hdr(skb)->h_dest);
        printk("proto = 0x%04x", ntohs(eth_hdr(skb)->h_proto));
-        if ((info->bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
+        if (loginfo->type == NF_LOG_TYPE_LOG)
+                bitmask = loginfo->u.log.logflags;
+        else
+                bitmask = NF_LOG_MASK;
+        if ((bitmask & EBT_LOG_IP) && eth_hdr(skb)->h_proto ==
           htons(ETH_P_IP)){
                struct iphdr _iph, *ih;
@@ -84,10 +90,9 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
                        printk(" INCOMPLETE IP header");
                        goto out;
                }
-                printk(" IP SRC=%u.%u.%u.%u IP DST=%u.%u.%u.%u,",
+                printk(" IP SRC=%u.%u.%u.%u IP DST=%u.%u.%u.%u, IP "
-                   NIPQUAD(ih->saddr), NIPQUAD(ih->daddr));
+                       "tos=0x%02X, IP proto=%d", NIPQUAD(ih->saddr),
-                printk(" IP tos=0x%02X, IP proto=%d", ih->tos,
+                       NIPQUAD(ih->daddr), ih->tos, ih->protocol);
-                       ih->protocol);
                if (ih->protocol == IPPROTO_TCP ||
                    ih->protocol == IPPROTO_UDP) {
                        struct tcpudphdr _ports, *pptr;
@@ -104,7 +109,7 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
                goto out;
        }
-        if ((info->bitmask & EBT_LOG_ARP) &&
+        if ((bitmask & EBT_LOG_ARP) &&
            ((eth_hdr(skb)->h_proto == htons(ETH_P_ARP)) ||
             (eth_hdr(skb)->h_proto == htons(ETH_P_RARP)))) {
                struct arphdr _arph, *ah;
@@ -144,6 +149,21 @@ static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
 out:
        printk("\n");
        spin_unlock_bh(&ebt_log_lock);
+}
+static void ebt_log(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+        struct ebt_log_info *info = (struct ebt_log_info *)data;
+        struct nf_loginfo li;
+        li.type = NF_LOG_TYPE_LOG;
+        li.u.log.level = info->loglevel;
+        li.u.log.logflags = info->bitmask;
+        nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, info->prefix);
 }
 static struct ebt_watcher log =
@@ -154,13 +174,32 @@ static struct ebt_watcher log =
        .me             = THIS_MODULE,
 };
+static struct nf_logger ebt_log_logger = {
+        .name           = "ebt_log",
+        .logfn          = &ebt_log_packet,
+        .me             = THIS_MODULE,
+};
 static int __init init(void)
 {
-        return ebt_register_watcher(&log);
+        int ret;
+        ret = ebt_register_watcher(&log);
+        if (ret < 0)
+                return ret;
+        if (nf_log_register(PF_BRIDGE, &ebt_log_logger) < 0) {
+                printk(KERN_WARNING "ebt_log: not logging via system console "
+                       "since somebody else already registered for PF_INET\n");
+                /* we cannot make module load fail here, since otherwise 
+                 * ebtables userspace would abort */
+        }
+        return 0;
 }
 static void __exit fini(void)
 {
+        nf_log_unregister_logger(&ebt_log_logger);
        ebt_unregister_watcher(&log);
 }
diff --git a/net/bridge/netfilter/ebt_ulog.c b/net/bridge/netfilter/ebt_ulog.c
index aae26ae2e61f..ce617b3dbbb8 100644
--- a/net/bridge/netfilter/ebt_ulog.c
+++ b/net/bridge/netfilter/ebt_ulog.c
@@ -3,6 +3,7 @@
 *
 *      Authors:
 *      Bart De Schuymer <bdschuym@pandora.be>
+ *      Harald Welte <laforge@netfilter.org>
 *
 *  November, 2004
 *
@@ -115,14 +116,13 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
        return skb;
 }
-static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+static void ebt_ulog_packet(unsigned int hooknr, const struct sk_buff *skb,
   const struct net_device *in, const struct net_device *out,
-   const void *data, unsigned int datalen)
+   const struct ebt_ulog_info *uloginfo, const char *prefix)
 {
        ebt_ulog_packet_msg_t *pm;
        size_t size, copy_len;
        struct nlmsghdr *nlh;
-        struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
        unsigned int group = uloginfo->nlgroup;
        ebt_ulog_buff_t *ub = &ulog_buffers[group];
        spinlock_t *lock = &ub->lock;
@@ -216,6 +216,39 @@ alloc_failure:
        goto unlock;
 }
+/* this function is registered with the netfilter core */
+static void ebt_log_packet(unsigned int pf, unsigned int hooknum,
+   const struct sk_buff *skb, const struct net_device *in,
+   const struct net_device *out, const struct nf_loginfo *li,
+   const char *prefix)
+{
+        struct ebt_ulog_info loginfo;
+        if (!li || li->type != NF_LOG_TYPE_ULOG) {
+                loginfo.nlgroup = EBT_ULOG_DEFAULT_NLGROUP;
+                loginfo.cprange = 0;
+                loginfo.qthreshold = EBT_ULOG_DEFAULT_QTHRESHOLD;
+                loginfo.prefix[0] = '\0';
+        } else {
+                loginfo.nlgroup = li->u.ulog.group;
+                loginfo.cprange = li->u.ulog.copy_len;
+                loginfo.qthreshold = li->u.ulog.qthreshold;
+                strlcpy(loginfo.prefix, prefix, sizeof(loginfo.prefix));
+        }
+        ebt_ulog_packet(hooknum, skb, in, out, &loginfo, prefix);
+}
+static void ebt_ulog(const struct sk_buff *skb, unsigned int hooknr,
+   const struct net_device *in, const struct net_device *out,
+   const void *data, unsigned int datalen)
+{
+        struct ebt_ulog_info *uloginfo = (struct ebt_ulog_info *)data;
+        ebt_ulog_packet(hooknr, skb, in, out, uloginfo, NULL);
+}
 static int ebt_ulog_check(const char *tablename, unsigned int hookmask,
   const struct ebt_entry *e, void *data, unsigned int datalen)
 {
@@ -240,6 +273,12 @@ static struct ebt_watcher ulog = {
        .me             = THIS_MODULE,
 };
+static struct nf_logger ebt_ulog_logger = {
+        .name           = EBT_ULOG_WATCHER,
+        .logfn          = &ebt_log_packet,
+        .me             = THIS_MODULE,
+};
 static int __init init(void)
 {
        int i, ret = 0;
@@ -265,6 +304,13 @@ static int __init init(void)
        else if ((ret = ebt_register_watcher(&ulog)))
                sock_release(ebtulognl->sk_socket);
+        if (nf_log_register(PF_BRIDGE, &ebt_ulog_logger) < 0) {
+                printk(KERN_WARNING "ebt_ulog: not logging via ulog "
+                       "since somebody else already registered for PF_BRIDGE\n");
+                /* we cannot make module load fail here, since otherwise
+                 * ebtables userspace would abort */
+        }
        return ret;
 }
@@ -273,6 +319,7 @@ static void __exit fini(void)
        ebt_ulog_buff_t *ub;
        int i;
+        nf_log_unregister_logger(&ebt_ulog_logger);
        ebt_unregister_watcher(&ulog);
        for (i = 0; i < EBT_ULOG_MAXNLGROUPS; i++) {
                ub = &ulog_buffers[i];