summaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/br_netfilter.c116
1 files changed, 63 insertions, 53 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 70a395b..cf18d02 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -136,7 +136,7 @@ static void __br_dnat_complain(void)
if (jiffies - last_complaint >= 5 * HZ) {
printk(KERN_WARNING "Performing cross-bridge DNAT requires IP "
- "forwarding to be enabled\n");
+ "forwarding to be enabled\n");
last_complaint = jiffies;
}
}
@@ -218,12 +218,17 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING;
if (dnat_took_place(skb)) {
- if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
- dev)) {
+ if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev)) {
struct rtable *rt;
- struct flowi fl = { .nl_u =
- { .ip4_u = { .daddr = iph->daddr, .saddr = 0 ,
- .tos = RT_TOS(iph->tos)} }, .proto = 0};
+ struct flowi fl = {
+ .nl_u = {
+ .ip4_u = {
+ .daddr = iph->daddr,
+ .saddr = 0,
+ .tos = RT_TOS(iph->tos) },
+ },
+ .proto = 0,
+ };
if (!ip_route_output_key(&rt, &fl)) {
/* - Bridged-and-DNAT'ed traffic doesn't
@@ -257,8 +262,7 @@ bridged_dnat:
1);
return 0;
}
- memcpy(eth_hdr(skb)->h_dest, dev->dev_addr,
- ETH_ALEN);
+ memcpy(eth_hdr(skb)->h_dest, dev->dev_addr, ETH_ALEN);
skb->pkt_type = PACKET_HOST;
}
} else {
@@ -297,10 +301,10 @@ static struct net_device *setup_pre_routing(struct sk_buff *skb)
/* We only check the length. A bridge shouldn't do any hop-by-hop stuff anyway */
static int check_hbh_len(struct sk_buff *skb)
{
- unsigned char *raw = (u8*)(skb->nh.ipv6h+1);
+ unsigned char *raw = (u8 *) (skb->nh.ipv6h + 1);
u32 pkt_len;
int off = raw - skb->nh.raw;
- int len = (raw[1]+1)<<3;
+ int len = (raw[1] + 1) << 3;
if ((raw + len) - skb->data > skb_headlen(skb))
goto bad;
@@ -309,7 +313,7 @@ static int check_hbh_len(struct sk_buff *skb)
len -= 2;
while (len > 0) {
- int optlen = skb->nh.raw[off+1]+2;
+ int optlen = skb->nh.raw[off + 1] + 2;
switch (skb->nh.raw[off]) {
case IPV6_TLV_PAD0:
@@ -320,16 +324,16 @@ static int check_hbh_len(struct sk_buff *skb)
break;
case IPV6_TLV_JUMBO:
- if (skb->nh.raw[off+1] != 4 || (off&3) != 2)
+ if (skb->nh.raw[off + 1] != 4 || (off & 3) != 2)
goto bad;
- pkt_len = ntohl(*(u32*)(skb->nh.raw+off+2));
+ pkt_len = ntohl(*(u32 *) (skb->nh.raw + off + 2));
if (pkt_len <= IPV6_MAXPLEN ||
skb->nh.ipv6h->payload_len)
goto bad;
if (pkt_len > skb->len - sizeof(struct ipv6hdr))
goto bad;
if (pskb_trim_rcsum(skb,
- pkt_len+sizeof(struct ipv6hdr)))
+ pkt_len + sizeof(struct ipv6hdr)))
goto bad;
break;
default:
@@ -350,8 +354,10 @@ bad:
/* Replicate the checks that IPv6 does on packet reception and pass the packet
* to ip6tables, which doesn't support NAT, so things are fairly simple. */
static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
- struct sk_buff *skb, const struct net_device *in,
- const struct net_device *out, int (*okfn)(struct sk_buff *))
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
struct ipv6hdr *hdr;
u32 pkt_len;
@@ -381,9 +387,9 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook,
}
}
if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb))
- goto inhdr_error;
+ goto inhdr_error;
- nf_bridge_put(skb->nf_bridge);
+ nf_bridge_put(skb->nf_bridge);
if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
return NF_DROP;
if (!setup_pre_routing(skb))
@@ -452,15 +458,15 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
if (iph->ihl < 5 || iph->version != 4)
goto inhdr_error;
- if (!pskb_may_pull(skb, 4*iph->ihl))
+ if (!pskb_may_pull(skb, 4 * iph->ihl))
goto inhdr_error;
iph = skb->nh.iph;
- if (ip_fast_csum((__u8 *)iph, iph->ihl) != 0)
+ if (ip_fast_csum((__u8 *) iph, iph->ihl) != 0)
goto inhdr_error;
len = ntohs(iph->tot_len);
- if (skb->len < len || len < 4*iph->ihl)
+ if (skb->len < len || len < 4 * iph->ihl)
goto inhdr_error;
if (skb->len > len) {
@@ -469,7 +475,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
skb->ip_summed = CHECKSUM_NONE;
}
- nf_bridge_put(skb->nf_bridge);
+ nf_bridge_put(skb->nf_bridge);
if ((nf_bridge = nf_bridge_alloc(skb)) == NULL)
return NF_DROP;
if (!setup_pre_routing(skb))
@@ -482,7 +488,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
return NF_STOLEN;
inhdr_error:
-// IP_INC_STATS_BH(IpInHdrErrors);
+// IP_INC_STATS_BH(IpInHdrErrors);
out:
return NF_DROP;
}
@@ -496,8 +502,9 @@ out:
* register an IPv4 PRE_ROUTING 'sabotage' hook that will
* prevent this from happening. */
static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
@@ -509,7 +516,6 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb,
return NF_ACCEPT;
}
-
/* PF_BRIDGE/FORWARD *************************************************/
static int br_nf_forward_finish(struct sk_buff *skb)
{
@@ -531,7 +537,7 @@ static int br_nf_forward_finish(struct sk_buff *skb)
skb->nh.raw -= VLAN_HLEN;
}
NF_HOOK_THRESH(PF_BRIDGE, NF_BR_FORWARD, skb, in,
- skb->dev, br_forward_finish, 1);
+ skb->dev, br_forward_finish, 1);
return 0;
}
@@ -541,8 +547,9 @@ static int br_nf_forward_finish(struct sk_buff *skb)
* because of the physdev module. For ARP, indev and outdev are the
* bridge ports. */
static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
struct nf_bridge_info *nf_bridge;
@@ -584,8 +591,9 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff **pskb,
}
static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
@@ -617,7 +625,6 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff **pskb,
return NF_STOLEN;
}
-
/* PF_BRIDGE/LOCAL_OUT ***********************************************/
static int br_nf_local_out_finish(struct sk_buff *skb)
{
@@ -627,7 +634,7 @@ static int br_nf_local_out_finish(struct sk_buff *skb)
}
NF_HOOK_THRESH(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev,
- br_forward_finish, NF_BR_PRI_FIRST + 1);
+ br_forward_finish, NF_BR_PRI_FIRST + 1);
return 0;
}
@@ -653,8 +660,9 @@ static int br_nf_local_out_finish(struct sk_buff *skb)
* even routed packets that didn't arrive on a bridge interface have their
* nf_bridge->physindev set. */
static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
struct net_device *realindev, *realoutdev;
struct sk_buff *skb = *pskb;
@@ -716,7 +724,7 @@ static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb,
/* IP forwarded traffic has a physindev, locally
* generated traffic hasn't. */
if (realindev != NULL) {
- if (!(nf_bridge->mask & BRNF_DONT_TAKE_PARENT) ) {
+ if (!(nf_bridge->mask & BRNF_DONT_TAKE_PARENT)) {
struct net_device *parent = bridge_parent(realindev);
if (parent)
realindev = parent;
@@ -738,8 +746,9 @@ out:
/* PF_BRIDGE/POST_ROUTING ********************************************/
static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;
@@ -752,7 +761,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
* keep the check just to be sure... */
if (skb->mac.raw < skb->head || skb->mac.raw + ETH_HLEN > skb->data) {
printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: "
- "bad mac.raw pointer.");
+ "bad mac.raw pointer.");
goto print_error;
}
#endif
@@ -794,7 +803,7 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
realoutdev = nf_bridge->netoutdev;
#endif
NF_HOOK(pf, NF_IP_POST_ROUTING, skb, NULL, realoutdev,
- br_dev_queue_push_xmit);
+ br_dev_queue_push_xmit);
return NF_STOLEN;
@@ -806,18 +815,18 @@ print_error:
printk("[%s]", realoutdev->name);
}
printk(" head:%p, raw:%p, data:%p\n", skb->head, skb->mac.raw,
- skb->data);
+ skb->data);
return NF_ACCEPT;
#endif
}
-
/* IP/SABOTAGE *****************************************************/
/* Don't hand locally destined packets to PF_INET(6)/PRE_ROUTING
* for the second time. */
static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
if ((*pskb)->nf_bridge &&
!((*pskb)->nf_bridge->mask & BRNF_NF_BRIDGE_PREROUTING)) {
@@ -831,18 +840,18 @@ static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff **pskb,
* and PF_INET(6)/POST_ROUTING until we have done the forwarding
* decision in the bridge code and have determined nf_bridge->physoutdev. */
static unsigned int ip_sabotage_out(unsigned int hook, struct sk_buff **pskb,
- const struct net_device *in, const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
struct sk_buff *skb = *pskb;
if ((out->hard_start_xmit == br_dev_xmit &&
- okfn != br_nf_forward_finish &&
- okfn != br_nf_local_out_finish &&
- okfn != br_dev_queue_push_xmit)
+ okfn != br_nf_forward_finish &&
+ okfn != br_nf_local_out_finish && okfn != br_dev_queue_push_xmit)
#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
|| ((out->priv_flags & IFF_802_1Q_VLAN) &&
- VLAN_DEV_INFO(out)->real_dev->hard_start_xmit == br_dev_xmit)
+ VLAN_DEV_INFO(out)->real_dev->hard_start_xmit == br_dev_xmit)
#endif
) {
struct nf_bridge_info *nf_bridge;
@@ -967,8 +976,8 @@ static struct nf_hook_ops br_nf_ops[] = {
#ifdef CONFIG_SYSCTL
static
-int brnf_sysctl_call_tables(ctl_table *ctl, int write, struct file * filp,
- void __user *buffer, size_t *lenp, loff_t *ppos)
+int brnf_sysctl_call_tables(ctl_table * ctl, int write, struct file *filp,
+ void __user * buffer, size_t * lenp, loff_t * ppos)
{
int ret;
@@ -1055,7 +1064,8 @@ int br_netfilter_init(void)
#ifdef CONFIG_SYSCTL
brnf_sysctl_header = register_sysctl_table(brnf_net_table, 0);
if (brnf_sysctl_header == NULL) {
- printk(KERN_WARNING "br_netfilter: can't register to sysctl.\n");
+ printk(KERN_WARNING
+ "br_netfilter: can't register to sysctl.\n");
for (i = 0; i < ARRAY_SIZE(br_nf_ops); i++)
nf_unregister_hook(&br_nf_ops[i]);
return -EFAULT;
OpenPOWER on IntegriCloud