Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3eaf4025 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: bridge: start splitting mask into public/private chunks 



->mask is a bit info field that mixes various use cases.

In particular, we have flags that are mutually exlusive, and flags that
are only used within br_netfilter while others need to be exposed to
other parts of the kernel.

Remove BRNF_8021Q/PPPoE flags.  They're mutually exclusive and only
needed within br_netfilter context.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 38330783

include/linux/netfilter_bridge.h

+1 −3
Original line number Diff line number Diff line
@@ -20,12 +20,10 @@ enum nf_br_hook_priorities { 
#define BRNF_PKT_TYPE			0x01

#define BRNF_BRIDGED_DNAT		0x02

#define BRNF_NF_BRIDGE_PREROUTING	0x08

#define BRNF_8021Q			0x10

#define BRNF_PPPoE			0x20



static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)

{

	if (unlikely(skb->nf_bridge->mask & BRNF_PPPoE))

	if (skb->nf_bridge->orig_proto == BRNF_PROTO_PPPOE)

		return PPPOE_SES_HLEN;

	return 0;

}

include/linux/skbuff.h

+5 −0
Original line number Diff line number Diff line
@@ -166,6 +166,11 @@ struct nf_conntrack { 
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)

struct nf_bridge_info {

	atomic_t		use;

	enum {

		BRNF_PROTO_UNCHANGED,

		BRNF_PROTO_8021Q,

		BRNF_PROTO_PPPOE

	} orig_proto;

	unsigned int		mask;

	struct net_device	*physindev;

	struct net_device	*physoutdev;

net/bridge/br_netfilter.c

+11 −4
Original line number Diff line number Diff line
@@ -262,10 +262,16 @@ static int br_parse_ip_options(struct sk_buff *skb) 


static void nf_bridge_update_protocol(struct sk_buff *skb)

{

	if (skb->nf_bridge->mask & BRNF_8021Q)

	switch (skb->nf_bridge->orig_proto) {

	case BRNF_PROTO_8021Q:

		skb->protocol = htons(ETH_P_8021Q);

	else if (skb->nf_bridge->mask & BRNF_PPPoE)

		break;

	case BRNF_PROTO_PPPOE:

		skb->protocol = htons(ETH_P_PPP_SES);

		break;

	case BRNF_PROTO_UNCHANGED:

		break;

	}

}



/* PF_BRIDGE/PRE_ROUTING *********************************************/
@@ -503,10 +509,11 @@ static struct net_device *setup_pre_routing(struct sk_buff *skb) 
	nf_bridge->mask |= BRNF_NF_BRIDGE_PREROUTING;

	nf_bridge->physindev = skb->dev;

	skb->dev = brnf_get_logical_dev(skb, skb->dev);



	if (skb->protocol == htons(ETH_P_8021Q))

		nf_bridge->mask |= BRNF_8021Q;

		nf_bridge->orig_proto = BRNF_PROTO_8021Q;

	else if (skb->protocol == htons(ETH_P_PPP_SES))

		nf_bridge->mask |= BRNF_PPPoE;

		nf_bridge->orig_proto = BRNF_PROTO_PPPOE;



	/* Must drop socket now because of tproxy. */

	skb_orphan(skb);