netfilter: avoid using skb->nf_bridge directly

		skb_dst_drop(skb);

}

static inline struct nf_bridge_info *

nf_bridge_info_get(const struct sk_buff *skb)

{

	return skb->nf_bridge;

}

static inline bool nf_bridge_info_exists(const struct sk_buff *skb)

{

	return skb->nf_bridge != NULL;

}

static inline int nf_bridge_get_physinif(const struct sk_buff *skb)

{

	struct nf_bridge_info *nf_bridge;

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	if (skb->nf_bridge == NULL)

	if (!nf_bridge)

		return 0;

	nf_bridge = skb->nf_bridge;

	return nf_bridge->physindev ? nf_bridge->physindev->ifindex : 0;

}

static inline int nf_bridge_get_physoutif(const struct sk_buff *skb)

{

	struct nf_bridge_info *nf_bridge;

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	if (skb->nf_bridge == NULL)

	if (!nf_bridge)

		return 0;

	nf_bridge = skb->nf_bridge;

	return nf_bridge->physoutdev ? nf_bridge->physoutdev->ifindex : 0;

}

static inline struct net_device *

nf_bridge_get_physindev(const struct sk_buff *skb)

{

	return skb->nf_bridge ? skb->nf_bridge->physindev : NULL;

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	return nf_bridge ? nf_bridge->physindev : NULL;

}

static inline struct net_device *

nf_bridge_get_physoutdev(const struct sk_buff *skb)

{

	return skb->nf_bridge ? skb->nf_bridge->physoutdev : NULL;

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	return nf_bridge ? nf_bridge->physoutdev : NULL;

}

static inline bool nf_bridge_in_prerouting(const struct sk_buff *skb)

{

	return skb->nf_bridge && skb->nf_bridge->in_prerouting;

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	return nf_bridge && nf_bridge->in_prerouting;

}

#else

#define br_drop_fake_rtable(skb)	        do { } while (0)

		      int (*okfn)(struct net *, struct sock *,

				  struct sk_buff *));

static inline struct nf_bridge_info *

nf_bridge_info_get(const struct sk_buff *skb)

{

	return skb->nf_bridge;

}

unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb);

static inline void nf_bridge_push_encap_header(struct sk_buff *skb)

void nf_bridge_update_protocol(struct sk_buff *skb)

{

	switch (skb->nf_bridge->orig_proto) {

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	switch (nf_bridge->orig_proto) {

	case BRNF_PROTO_8021Q:

		skb->protocol = htons(ETH_P_8021Q);

		break;

	struct net_device *parent;

	u_int8_t pf;

	if (!skb->nf_bridge)

	nf_bridge = nf_bridge_info_get(skb);

	if (!nf_bridge)

		return NF_ACCEPT;

	/* Need exclusive nf_bridge_info since we might have multiple

static unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)

{

	if (skb->nf_bridge->orig_proto == BRNF_PROTO_PPPOE)

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	if (nf_bridge->orig_proto == BRNF_PROTO_PPPOE)

		return PPPOE_SES_HLEN;

	return 0;

}

				   struct sk_buff *skb,

				   const struct nf_hook_state *state)

{

	if (skb->nf_bridge && !skb->nf_bridge->in_prerouting &&

	struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	if (nf_bridge && !nf_bridge->in_prerouting &&

	    !netif_is_l3_master(skb->dev)) {

		state->okfn(state->net, state->sk, skb);

		return NF_STOLEN;

static int br_nf_dev_xmit(struct sk_buff *skb)

{

	if (skb->nf_bridge && skb->nf_bridge->bridged_dnat) {

	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);

	if (nf_bridge && nf_bridge->bridged_dnat) {

		br_nf_pre_routing_finish_bridge_slow(skb);

		return 1;

	}

/* Send RST reply */

void nf_send_reset(struct net *net, struct sk_buff *oldskb, int hook)

{

	struct net_device *br_indev __maybe_unused;

	struct sk_buff *nskb;

	struct iphdr *niph;

	const struct tcphdr *oth;

	 * build the eth header using the original destination's MAC as the

	 * source, and send the RST packet directly.

	 */

	if (oldskb->nf_bridge) {

	br_indev = nf_bridge_get_physindev(oldskb);

	if (br_indev) {

		struct ethhdr *oeth = eth_hdr(oldskb);

		nskb->dev = nf_bridge_get_physindev(oldskb);

		nskb->dev = br_indev;

		niph->tot_len = htons(nskb->len);

		ip_send_check(niph);

		if (dev_hard_header(nskb, nskb->dev, ntohs(nskb->protocol),

void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)

{

	struct net_device *br_indev __maybe_unused;

	struct sk_buff *nskb;

	struct tcphdr _otcph;

	const struct tcphdr *otcph;

	 * build the eth header using the original destination's MAC as the

	 * source, and send the RST packet directly.

	 */

	if (oldskb->nf_bridge) {

	br_indev = nf_bridge_get_physindev(oldskb);

	if (br_indev) {

		struct ethhdr *oeth = eth_hdr(oldskb);

		nskb->dev = nf_bridge_get_physindev(oldskb);

		nskb->dev = br_indev;

		nskb->protocol = htons(ETH_P_IPV6);

		ip6h->payload_len = htons(sizeof(struct tcphdr));

		if (dev_hard_header(nskb, nskb->dev, ntohs(nskb->protocol),

				    oeth->h_source, oeth->h_dest, nskb->len) < 0)

				    oeth->h_source, oeth->h_dest, nskb->len) < 0) {

			kfree_skb(nskb);

			return;

		}

		dev_queue_xmit(nskb);

	} else

#endif