aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/br_device.c2
-rw-r--r--net/bridge/br_netfilter.c96
2 files changed, 57 insertions, 41 deletions
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 18538d7460d7..15d43ba86b53 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -39,7 +39,7 @@ int br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
39 else 39 else
40 br_flood_deliver(br, skb); 40 br_flood_deliver(br, skb);
41 41
42 return 0; 42 return NETDEV_TX_OK;
43} 43}
44 44
45static int br_dev_open(struct net_device *dev) 45static int br_dev_open(struct net_device *dev)
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index d22f611e4004..4fde7425077d 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -905,46 +905,62 @@ static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb,
905 * For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because 905 * For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because
906 * ip_refrag() can return NF_STOLEN. */ 906 * ip_refrag() can return NF_STOLEN. */
907static struct nf_hook_ops br_nf_ops[] __read_mostly = { 907static struct nf_hook_ops br_nf_ops[] __read_mostly = {
908 { .hook = br_nf_pre_routing, 908 {
909 .owner = THIS_MODULE, 909 .hook = br_nf_pre_routing,
910 .pf = PF_BRIDGE, 910 .owner = THIS_MODULE,
911 .hooknum = NF_BR_PRE_ROUTING, 911 .pf = PF_BRIDGE,
912 .priority = NF_BR_PRI_BRNF, }, 912 .hooknum = NF_BR_PRE_ROUTING,
913 { .hook = br_nf_local_in, 913 .priority = NF_BR_PRI_BRNF,
914 .owner = THIS_MODULE, 914 },
915 .pf = PF_BRIDGE, 915 {
916 .hooknum = NF_BR_LOCAL_IN, 916 .hook = br_nf_local_in,
917 .priority = NF_BR_PRI_BRNF, }, 917 .owner = THIS_MODULE,
918 { .hook = br_nf_forward_ip, 918 .pf = PF_BRIDGE,
919 .owner = THIS_MODULE, 919 .hooknum = NF_BR_LOCAL_IN,
920 .pf = PF_BRIDGE, 920 .priority = NF_BR_PRI_BRNF,
921 .hooknum = NF_BR_FORWARD, 921 },
922 .priority = NF_BR_PRI_BRNF - 1, }, 922 {
923 { .hook = br_nf_forward_arp, 923 .hook = br_nf_forward_ip,
924 .owner = THIS_MODULE, 924 .owner = THIS_MODULE,
925 .pf = PF_BRIDGE, 925 .pf = PF_BRIDGE,
926 .hooknum = NF_BR_FORWARD, 926 .hooknum = NF_BR_FORWARD,
927 .priority = NF_BR_PRI_BRNF, }, 927 .priority = NF_BR_PRI_BRNF - 1,
928 { .hook = br_nf_local_out, 928 },
929 .owner = THIS_MODULE, 929 {
930 .pf = PF_BRIDGE, 930 .hook = br_nf_forward_arp,
931 .hooknum = NF_BR_LOCAL_OUT, 931 .owner = THIS_MODULE,
932 .priority = NF_BR_PRI_FIRST, }, 932 .pf = PF_BRIDGE,
933 { .hook = br_nf_post_routing, 933 .hooknum = NF_BR_FORWARD,
934 .owner = THIS_MODULE, 934 .priority = NF_BR_PRI_BRNF,
935 .pf = PF_BRIDGE, 935 },
936 .hooknum = NF_BR_POST_ROUTING, 936 {
937 .priority = NF_BR_PRI_LAST, }, 937 .hook = br_nf_local_out,
938 { .hook = ip_sabotage_in, 938 .owner = THIS_MODULE,
939 .owner = THIS_MODULE, 939 .pf = PF_BRIDGE,
940 .pf = PF_INET, 940 .hooknum = NF_BR_LOCAL_OUT,
941 .hooknum = NF_INET_PRE_ROUTING, 941 .priority = NF_BR_PRI_FIRST,
942 .priority = NF_IP_PRI_FIRST, }, 942 },
943 { .hook = ip_sabotage_in, 943 {
944 .owner = THIS_MODULE, 944 .hook = br_nf_post_routing,
945 .pf = PF_INET6, 945 .owner = THIS_MODULE,
946 .hooknum = NF_INET_PRE_ROUTING, 946 .pf = PF_BRIDGE,
947 .priority = NF_IP6_PRI_FIRST, }, 947 .hooknum = NF_BR_POST_ROUTING,
948 .priority = NF_BR_PRI_LAST,
949 },
950 {
951 .hook = ip_sabotage_in,
952 .owner = THIS_MODULE,
953 .pf = PF_INET,
954 .hooknum = NF_INET_PRE_ROUTING,
955 .priority = NF_IP_PRI_FIRST,
956 },
957 {
958 .hook = ip_sabotage_in,
959 .owner = THIS_MODULE,
960 .pf = PF_INET6,
961 .hooknum = NF_INET_PRE_ROUTING,
962 .priority = NF_IP6_PRI_FIRST,
963 },
948}; 964};
949 965
950#ifdef CONFIG_SYSCTL 966#ifdef CONFIG_SYSCTL