diff options
Diffstat (limited to 'net/bridge')
| -rw-r--r-- | net/bridge/br_netfilter.c | 96 |
1 files changed, 56 insertions, 40 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index d22f611e4004..4fde7425077d 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
| @@ -905,46 +905,62 @@ static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb, | |||
| 905 | * For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because | 905 | * For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because |
| 906 | * ip_refrag() can return NF_STOLEN. */ | 906 | * ip_refrag() can return NF_STOLEN. */ |
| 907 | static struct nf_hook_ops br_nf_ops[] __read_mostly = { | 907 | static struct nf_hook_ops br_nf_ops[] __read_mostly = { |
| 908 | { .hook = br_nf_pre_routing, | 908 | { |
| 909 | .owner = THIS_MODULE, | 909 | .hook = br_nf_pre_routing, |
| 910 | .pf = PF_BRIDGE, | 910 | .owner = THIS_MODULE, |
| 911 | .hooknum = NF_BR_PRE_ROUTING, | 911 | .pf = PF_BRIDGE, |
| 912 | .priority = NF_BR_PRI_BRNF, }, | 912 | .hooknum = NF_BR_PRE_ROUTING, |
| 913 | { .hook = br_nf_local_in, | 913 | .priority = NF_BR_PRI_BRNF, |
| 914 | .owner = THIS_MODULE, | 914 | }, |
| 915 | .pf = PF_BRIDGE, | 915 | { |
| 916 | .hooknum = NF_BR_LOCAL_IN, | 916 | .hook = br_nf_local_in, |
| 917 | .priority = NF_BR_PRI_BRNF, }, | 917 | .owner = THIS_MODULE, |
| 918 | { .hook = br_nf_forward_ip, | 918 | .pf = PF_BRIDGE, |
| 919 | .owner = THIS_MODULE, | 919 | .hooknum = NF_BR_LOCAL_IN, |
| 920 | .pf = PF_BRIDGE, | 920 | .priority = NF_BR_PRI_BRNF, |
| 921 | .hooknum = NF_BR_FORWARD, | 921 | }, |
| 922 | .priority = NF_BR_PRI_BRNF - 1, }, | 922 | { |
| 923 | { .hook = br_nf_forward_arp, | 923 | .hook = br_nf_forward_ip, |
| 924 | .owner = THIS_MODULE, | 924 | .owner = THIS_MODULE, |
| 925 | .pf = PF_BRIDGE, | 925 | .pf = PF_BRIDGE, |
| 926 | .hooknum = NF_BR_FORWARD, | 926 | .hooknum = NF_BR_FORWARD, |
| 927 | .priority = NF_BR_PRI_BRNF, }, | 927 | .priority = NF_BR_PRI_BRNF - 1, |
| 928 | { .hook = br_nf_local_out, | 928 | }, |
| 929 | .owner = THIS_MODULE, | 929 | { |
| 930 | .pf = PF_BRIDGE, | 930 | .hook = br_nf_forward_arp, |
| 931 | .hooknum = NF_BR_LOCAL_OUT, | 931 | .owner = THIS_MODULE, |
| 932 | .priority = NF_BR_PRI_FIRST, }, | 932 | .pf = PF_BRIDGE, |
| 933 | { .hook = br_nf_post_routing, | 933 | .hooknum = NF_BR_FORWARD, |
| 934 | .owner = THIS_MODULE, | 934 | .priority = NF_BR_PRI_BRNF, |
| 935 | .pf = PF_BRIDGE, | 935 | }, |
| 936 | .hooknum = NF_BR_POST_ROUTING, | 936 | { |
| 937 | .priority = NF_BR_PRI_LAST, }, | 937 | .hook = br_nf_local_out, |
| 938 | { .hook = ip_sabotage_in, | 938 | .owner = THIS_MODULE, |
| 939 | .owner = THIS_MODULE, | 939 | .pf = PF_BRIDGE, |
| 940 | .pf = PF_INET, | 940 | .hooknum = NF_BR_LOCAL_OUT, |
| 941 | .hooknum = NF_INET_PRE_ROUTING, | 941 | .priority = NF_BR_PRI_FIRST, |
| 942 | .priority = NF_IP_PRI_FIRST, }, | 942 | }, |
| 943 | { .hook = ip_sabotage_in, | 943 | { |
| 944 | .owner = THIS_MODULE, | 944 | .hook = br_nf_post_routing, |
| 945 | .pf = PF_INET6, | 945 | .owner = THIS_MODULE, |
| 946 | .hooknum = NF_INET_PRE_ROUTING, | 946 | .pf = PF_BRIDGE, |
| 947 | .priority = NF_IP6_PRI_FIRST, }, | 947 | .hooknum = NF_BR_POST_ROUTING, |
| 948 | .priority = NF_BR_PRI_LAST, | ||
| 949 | }, | ||
| 950 | { | ||
| 951 | .hook = ip_sabotage_in, | ||
| 952 | .owner = THIS_MODULE, | ||
| 953 | .pf = PF_INET, | ||
| 954 | .hooknum = NF_INET_PRE_ROUTING, | ||
| 955 | .priority = NF_IP_PRI_FIRST, | ||
| 956 | }, | ||
| 957 | { | ||
| 958 | .hook = ip_sabotage_in, | ||
| 959 | .owner = THIS_MODULE, | ||
| 960 | .pf = PF_INET6, | ||
| 961 | .hooknum = NF_INET_PRE_ROUTING, | ||
| 962 | .priority = NF_IP6_PRI_FIRST, | ||
| 963 | }, | ||
| 948 | }; | 964 | }; |
| 949 | 965 | ||
| 950 | #ifdef CONFIG_SYSCTL | 966 | #ifdef CONFIG_SYSCTL |