11 files changed, 108 insertions, 17 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index af7e8be8d8d2..bb90cd7bace3 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -111,7 +111,9 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
 * require us to fill additional fields. */
 static struct net_device __fake_net_device = {
        .hard_header_len        = ETH_HLEN,
+#ifdef CONFIG_NET_NS
        .nd_net                 = &init_net,
+#endif
 };
 static struct rtable __fake_rtable = {
@@ -224,8 +226,8 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
        }
        nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
-        skb->dst = (struct dst_entry *)&__fake_rtable;
+        skb->rtable = &__fake_rtable;
-        dst_hold(skb->dst);
+        dst_hold(&__fake_rtable.u.dst);
        skb->dev = nf_bridge->physindev;
        nf_bridge_push_encap_header(skb);
@@ -389,8 +391,8 @@ bridged_dnat:
                        skb->pkt_type = PACKET_HOST;
                }
        } else {
-                skb->dst = (struct dst_entry *)&__fake_rtable;
+                skb->rtable = &__fake_rtable;
-                dst_hold(skb->dst);
+                dst_hold(&__fake_rtable.u.dst);
        }
        skb->dev = nf_bridge->physindev;
@@ -609,9 +611,9 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb,
                                   const struct net_device *out,
                                   int (*okfn)(struct sk_buff *))
 {
-        if (skb->dst == (struct dst_entry *)&__fake_rtable) {
+        if (skb->rtable == &__fake_rtable) {
-                dst_release(skb->dst);
+                dst_release(&__fake_rtable.u.dst);
-                skb->dst = NULL;
+                skb->rtable = NULL;
        }
        return NF_ACCEPT;
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index f5d69336d97b..f155e6ce8a21 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -108,7 +108,7 @@ errout:
 */
 static int br_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
 {
-        struct net *net = skb->sk->sk_net;
+        struct net *net = sock_net(skb->sk);
        struct net_device *dev;
        int idx;
@@ -140,7 +140,7 @@ skip:
 */
 static int br_rtm_setlink(struct sk_buff *skb,  struct nlmsghdr *nlh, void *arg)
 {
-        struct net *net = skb->sk->sk_net;
+        struct net *net = sock_net(skb->sk);
        struct ifinfomsg *ifm;
        struct nlattr *protinfo;
        struct net_device *dev;
diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c
index 07ac3ae68d8f..00644a544e3c 100644
--- a/net/bridge/br_notify.c
+++ b/net/bridge/br_notify.c
@@ -37,7 +37,7 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v
        struct net_bridge_port *p = dev->br_port;
        struct net_bridge *br;
-        if (dev->nd_net != &init_net)
+        if (dev_net(dev) != &init_net)
                return NOTIFY_DONE;
        /* not a port of a bridge */
diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c
index 0edbd2a1c3f3..8deab645ef75 100644
--- a/net/bridge/br_stp_bpdu.c
+++ b/net/bridge/br_stp_bpdu.c
@@ -142,7 +142,7 @@ int br_stp_rcv(struct sk_buff *skb, struct net_device *dev,
        struct net_bridge *br;
        const unsigned char *buf;
-        if (dev->nd_net != &init_net)
+        if (dev_net(dev) != &init_net)
                goto err;
        if (!p)
diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c
index 9cf0538d1717..27d6a511c8c1 100644
--- a/net/bridge/br_sysfs_br.c
+++ b/net/bridge/br_sysfs_br.c
@@ -415,21 +415,21 @@ int br_sysfs_addbr(struct net_device *dev)
        err = sysfs_create_group(brobj, &bridge_group);
        if (err) {
                pr_info("%s: can't create group %s/%s\n",
-                        __FUNCTION__, dev->name, bridge_group.name);
+                        __func__, dev->name, bridge_group.name);
                goto out1;
        }
        err = sysfs_create_bin_file(brobj, &bridge_forward);
        if (err) {
                pr_info("%s: can't create attribute file %s/%s\n",
-                        __FUNCTION__, dev->name, bridge_forward.attr.name);
+                        __func__, dev->name, bridge_forward.attr.name);
                goto out2;
        }
        br->ifobj = kobject_create_and_add(SYSFS_BRIDGE_PORT_SUBDIR, brobj);
        if (!br->ifobj) {
                pr_info("%s: can't add kobject (directory) %s/%s\n",
-                        __FUNCTION__, dev->name, SYSFS_BRIDGE_PORT_SUBDIR);
+                        __func__, dev->name, SYSFS_BRIDGE_PORT_SUBDIR);
                goto out3;
        }
        return 0;
diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig
index 4a3e2bf892c7..7beeefa0f9c0 100644
--- a/net/bridge/netfilter/Kconfig
+++ b/net/bridge/netfilter/Kconfig
@@ -212,4 +212,18 @@ config BRIDGE_EBT_ULOG
          To compile it as a module, choose M here.  If unsure, say N.
+config BRIDGE_EBT_NFLOG
+        tristate "ebt: nflog support"
+        depends on BRIDGE_NF_EBTABLES
+        help
+          This option enables the nflog watcher, which allows to LOG
+          messages through the netfilter logging API, which can use
+          either the old LOG target, the old ULOG target or nfnetlink_log
+          as backend.
+          This option adds the ulog watcher, that you can use in any rule
+          in any ebtables table.
+          To compile it as a module, choose M here.  If unsure, say N.
 endmenu
diff --git a/net/bridge/netfilter/Makefile b/net/bridge/netfilter/Makefile
index 905087e0d485..83715d73a503 100644
--- a/net/bridge/netfilter/Makefile
+++ b/net/bridge/netfilter/Makefile
@@ -30,3 +30,4 @@ obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o
 # watchers
 obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o
 obj-$(CONFIG_BRIDGE_EBT_ULOG) += ebt_ulog.o
+obj-$(CONFIG_BRIDGE_EBT_NFLOG) += ebt_nflog.o
diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c
new file mode 100644
index 000000000000..8e799aa9e560
--- /dev/null
+++ b/net/bridge/netfilter/ebt_nflog.c
@@ -0,0 +1,74 @@
+/*
+ * ebt_nflog
+ *
+ *      Author:
+ *      Peter Warasin <peter@endian.com>
+ *
+ *  February, 2008
+ *
+ * Based on:
+ *  xt_NFLOG.c, (C) 2006 by Patrick McHardy <kaber@trash.net>
+ *  ebt_ulog.c, (C) 2004 by Bart De Schuymer <bdschuym@pandora.be>
+ *
+ */
+#include <linux/module.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_bridge/ebtables.h>
+#include <linux/netfilter_bridge/ebt_nflog.h>
+#include <net/netfilter/nf_log.h>
+static void ebt_nflog(const struct sk_buff *skb,
+                      unsigned int hooknr,
+                      const struct net_device *in,
+                      const struct net_device *out,
+                      const void *data, unsigned int datalen)
+{
+        struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
+        struct nf_loginfo li;
+        li.type = NF_LOG_TYPE_ULOG;
+        li.u.ulog.copy_len = info->len;
+        li.u.ulog.group = info->group;
+        li.u.ulog.qthreshold = info->threshold;
+        nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix);
+}
+static int ebt_nflog_check(const char *tablename,
+                           unsigned int hookmask,
+                           const struct ebt_entry *e,
+                           void *data, unsigned int datalen)
+{
+        struct ebt_nflog_info *info = (struct ebt_nflog_info *)data;
+        if (datalen != EBT_ALIGN(sizeof(struct ebt_nflog_info)))
+                return -EINVAL;
+        if (info->flags & ~EBT_NFLOG_MASK)
+                return -EINVAL;
+        info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0';
+        return 0;
+}
+static struct ebt_watcher nflog __read_mostly = {
+        .name = EBT_NFLOG_WATCHER,
+        .watcher = ebt_nflog,
+        .check = ebt_nflog_check,
+        .me = THIS_MODULE,
+};
+static int __init ebt_nflog_init(void)
+{
+        return ebt_register_watcher(&nflog);
+}
+static void __exit ebt_nflog_fini(void)
+{
+        ebt_unregister_watcher(&nflog);
+}
+module_init(ebt_nflog_init);
+module_exit(ebt_nflog_fini);
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Peter Warasin <peter@endian.com>");
+MODULE_DESCRIPTION("ebtables NFLOG netfilter logging module");
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index be6f18681053..246626bb0c87 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -46,7 +46,7 @@ static struct ebt_table broute_table =
        .name           = "broute",
        .table          = &initial_table,
        .valid_hooks    = 1 << NF_BR_BROUTING,
-        .lock           = RW_LOCK_UNLOCKED,
+        .lock           = __RW_LOCK_UNLOCKED(broute_table.lock),
        .check          = check,
        .me             = THIS_MODULE,
 };
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index fb810908732f..690bc3ab186c 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -55,7 +55,7 @@ static struct ebt_table frame_filter =
        .name           = "filter",
        .table          = &initial_table,
        .valid_hooks    = FILTER_VALID_HOOKS,
-        .lock           = RW_LOCK_UNLOCKED,
+        .lock           = __RW_LOCK_UNLOCKED(frame_filter.lock),
        .check          = check,
        .me             = THIS_MODULE,
 };
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index bc712730c54a..5b495fe2d0b6 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -55,7 +55,7 @@ static struct ebt_table frame_nat =
        .name           = "nat",
        .table          = &initial_table,
        .valid_hooks    = NAT_VALID_HOOKS,
-        .lock           = RW_LOCK_UNLOCKED,
+        .lock           = __RW_LOCK_UNLOCKED(frame_nat.lock),
        .check          = check,
        .me             = THIS_MODULE,
 };