diff options
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/br_netfilter.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index e4a418fcb35b..e0ceb66a9ec5 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
@@ -228,6 +228,7 @@ int nf_bridge_copy_header(struct sk_buff *skb) | |||
228 | static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) | 228 | static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) |
229 | { | 229 | { |
230 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 230 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
231 | struct rtable *rt; | ||
231 | 232 | ||
232 | if (nf_bridge->mask & BRNF_PKT_TYPE) { | 233 | if (nf_bridge->mask & BRNF_PKT_TYPE) { |
233 | skb->pkt_type = PACKET_OTHERHOST; | 234 | skb->pkt_type = PACKET_OTHERHOST; |
@@ -235,12 +236,13 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) | |||
235 | } | 236 | } |
236 | nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; | 237 | nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; |
237 | 238 | ||
238 | skb->rtable = bridge_parent_rtable(nf_bridge->physindev); | 239 | rt = bridge_parent_rtable(nf_bridge->physindev); |
239 | if (!skb->rtable) { | 240 | if (!rt) { |
240 | kfree_skb(skb); | 241 | kfree_skb(skb); |
241 | return 0; | 242 | return 0; |
242 | } | 243 | } |
243 | dst_hold(&skb->rtable->u.dst); | 244 | dst_hold(&rt->u.dst); |
245 | skb->dst = &rt->u.dst; | ||
244 | 246 | ||
245 | skb->dev = nf_bridge->physindev; | 247 | skb->dev = nf_bridge->physindev; |
246 | nf_bridge_push_encap_header(skb); | 248 | nf_bridge_push_encap_header(skb); |
@@ -338,6 +340,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) | |||
338 | struct net_device *dev = skb->dev; | 340 | struct net_device *dev = skb->dev; |
339 | struct iphdr *iph = ip_hdr(skb); | 341 | struct iphdr *iph = ip_hdr(skb); |
340 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | 342 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
343 | struct rtable *rt; | ||
341 | int err; | 344 | int err; |
342 | 345 | ||
343 | if (nf_bridge->mask & BRNF_PKT_TYPE) { | 346 | if (nf_bridge->mask & BRNF_PKT_TYPE) { |
@@ -347,7 +350,6 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb) | |||
347 | nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; | 350 | nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; |
348 | if (dnat_took_place(skb)) { | 351 | if (dnat_took_place(skb)) { |
349 | if ((err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))) { | 352 | if ((err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev))) { |
350 | struct rtable *rt; | ||
351 | struct flowi fl = { | 353 | struct flowi fl = { |
352 | .nl_u = { | 354 | .nl_u = { |
353 | .ip4_u = { | 355 | .ip4_u = { |
@@ -404,12 +406,13 @@ bridged_dnat: | |||
404 | skb->pkt_type = PACKET_HOST; | 406 | skb->pkt_type = PACKET_HOST; |
405 | } | 407 | } |
406 | } else { | 408 | } else { |
407 | skb->rtable = bridge_parent_rtable(nf_bridge->physindev); | 409 | rt = bridge_parent_rtable(nf_bridge->physindev); |
408 | if (!skb->rtable) { | 410 | if (!rt) { |
409 | kfree_skb(skb); | 411 | kfree_skb(skb); |
410 | return 0; | 412 | return 0; |
411 | } | 413 | } |
412 | dst_hold(&skb->rtable->u.dst); | 414 | dst_hold(&rt->u.dst); |
415 | skb->dst = &rt->u.dst; | ||
413 | } | 416 | } |
414 | 417 | ||
415 | skb->dev = nf_bridge->physindev; | 418 | skb->dev = nf_bridge->physindev; |
@@ -628,9 +631,11 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, | |||
628 | const struct net_device *out, | 631 | const struct net_device *out, |
629 | int (*okfn)(struct sk_buff *)) | 632 | int (*okfn)(struct sk_buff *)) |
630 | { | 633 | { |
631 | if (skb->rtable && skb->rtable == bridge_parent_rtable(in)) { | 634 | struct rtable *rt = skb_rtable(skb); |
632 | dst_release(&skb->rtable->u.dst); | 635 | |
633 | skb->rtable = NULL; | 636 | if (rt && rt == bridge_parent_rtable(in)) { |
637 | dst_release(&rt->u.dst); | ||
638 | skb->dst = NULL; | ||
634 | } | 639 | } |
635 | 640 | ||
636 | return NF_ACCEPT; | 641 | return NF_ACCEPT; |