diff options
Diffstat (limited to 'net/bridge')
| -rw-r--r-- | net/bridge/br_netfilter.c | 19 | ||||
| -rw-r--r-- | net/bridge/br_netlink.c | 4 | ||||
| -rw-r--r-- | net/bridge/br_notify.c | 2 | ||||
| -rw-r--r-- | net/bridge/br_stp_bpdu.c | 2 | ||||
| -rw-r--r-- | net/bridge/br_sysfs_br.c | 6 | ||||
| -rw-r--r-- | net/bridge/netfilter/Kconfig | 14 | ||||
| -rw-r--r-- | net/bridge/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebt_nflog.c | 74 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_broute.c | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_filter.c | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_nat.c | 2 |
11 files changed, 110 insertions, 18 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 1c0efd8ad9f3..bb90cd7bace3 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -110,7 +110,10 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb) * ipt_REJECT needs it. Future netfilter modules might * require us to fill additional fields. */ static struct net_device __fake_net_device = { - .hard_header_len = ETH_HLEN + .hard_header_len = ETH_HLEN, +#ifdef CONFIG_NET_NS + .nd_net = &init_net, +#endif }; static struct rtable __fake_rtable = { @@ -223,8 +226,8 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) } nf_bridge->mask ^= BRNF_NF_BRIDGE_PREROUTING; - skb->dst = (struct dst_entry *)&__fake_rtable; - dst_hold(skb->dst); + skb->rtable = &__fake_rtable; + dst_hold(&__fake_rtable.u.dst); skb->dev = nf_bridge->physindev; nf_bridge_push_encap_header(skb); @@ -388,8 +391,8 @@ bridged_dnat: skb->pkt_type = PACKET_HOST; } } else { - skb->dst = (struct dst_entry *)&__fake_rtable; - dst_hold(skb->dst); + skb->rtable = &__fake_rtable; + dst_hold(&__fake_rtable.u.dst); } skb->dev = nf_bridge->physindev; @@ -608,9 +611,9 @@ static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff *skb, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - if (skb->dst == (struct dst_entry *)&__fake_rtable) { - dst_release(skb->dst); - skb->dst = NULL; + if (skb->rtable == &__fake_rtable) { + dst_release(&__fake_rtable.u.dst); + skb->rtable = NULL; } return NF_ACCEPT; diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index f5d69336d97b..f155e6ce8a21 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -108,7 +108,7 @@ errout: */ static int br_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) { - struct net *net = skb->sk->sk_net; + struct net *net = sock_net(skb->sk); struct net_device *dev; int idx; @@ -140,7 +140,7 @@ skip: */ static int br_rtm_setlink(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) { - struct net *net = skb->sk->sk_net; + struct net *net = sock_net(skb->sk); struct ifinfomsg *ifm; struct nlattr *protinfo; struct net_device *dev; diff --git a/net/bridge/br_notify.c b/net/bridge/br_notify.c index 07ac3ae68d8f..00644a544e3c 100644 --- a/net/bridge/br_notify.c +++ b/net/bridge/br_notify.c @@ -37,7 +37,7 @@ static int br_device_event(struct notifier_block *unused, unsigned long event, v struct net_bridge_port *p = dev->br_port; struct net_bridge *br; - if (dev->nd_net != &init_net) + if (dev_net(dev) != &init_net) return NOTIFY_DONE; /* not a port of a bridge */ diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c index 0edbd2a1c3f3..8deab645ef75 100644 --- a/net/bridge/br_stp_bpdu.c +++ b/net/bridge/br_stp_bpdu.c @@ -142,7 +142,7 @@ int br_stp_rcv(struct sk_buff *skb, struct net_device *dev, struct net_bridge *br; const unsigned char *buf; - if (dev->nd_net != &init_net) + if (dev_net(dev) != &init_net) goto err; if (!p) diff --git a/net/bridge/br_sysfs_br.c b/net/bridge/br_sysfs_br.c index 9cf0538d1717..27d6a511c8c1 100644 --- a/net/bridge/br_sysfs_br.c +++ b/net/bridge/br_sysfs_br.c @@ -415,21 +415,21 @@ int br_sysfs_addbr(struct net_device *dev) err = sysfs_create_group(brobj, &bridge_group); if (err) { pr_info("%s: can't create group %s/%s\n", - __FUNCTION__, dev->name, bridge_group.name); + __func__, dev->name, bridge_group.name); goto out1; } err = sysfs_create_bin_file(brobj, &bridge_forward); if (err) { pr_info("%s: can't create attribute file %s/%s\n", - __FUNCTION__, dev->name, bridge_forward.attr.name); + __func__, dev->name, bridge_forward.attr.name); goto out2; } br->ifobj = kobject_create_and_add(SYSFS_BRIDGE_PORT_SUBDIR, brobj); if (!br->ifobj) { pr_info("%s: can't add kobject (directory) %s/%s\n", - __FUNCTION__, dev->name, SYSFS_BRIDGE_PORT_SUBDIR); + __func__, dev->name, SYSFS_BRIDGE_PORT_SUBDIR); goto out3; } return 0; diff --git a/net/bridge/netfilter/Kconfig b/net/bridge/netfilter/Kconfig index 4a3e2bf892c7..7beeefa0f9c0 100644 --- a/net/bridge/netfilter/Kconfig +++ b/net/bridge/netfilter/Kconfig @@ -212,4 +212,18 @@ config BRIDGE_EBT_ULOG To compile it as a module, choose M here. If unsure, say N. +config BRIDGE_EBT_NFLOG + tristate "ebt: nflog support" + depends on BRIDGE_NF_EBTABLES + help + This option enables the nflog watcher, which allows to LOG + messages through the netfilter logging API, which can use + either the old LOG target, the old ULOG target or nfnetlink_log + as backend. + + This option adds the ulog watcher, that you can use in any rule + in any ebtables table. + + To compile it as a module, choose M here. If unsure, say N. + endmenu diff --git a/net/bridge/netfilter/Makefile b/net/bridge/netfilter/Makefile index 905087e0d485..83715d73a503 100644 --- a/net/bridge/netfilter/Makefile +++ b/net/bridge/netfilter/Makefile @@ -30,3 +30,4 @@ obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o # watchers obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o obj-$(CONFIG_BRIDGE_EBT_ULOG) += ebt_ulog.o +obj-$(CONFIG_BRIDGE_EBT_NFLOG) += ebt_nflog.o diff --git a/net/bridge/netfilter/ebt_nflog.c b/net/bridge/netfilter/ebt_nflog.c new file mode 100644 index 000000000000..8e799aa9e560 --- /dev/null +++ b/net/bridge/netfilter/ebt_nflog.c @@ -0,0 +1,74 @@ +/* + * ebt_nflog + * + * Author: + * Peter Warasin <peter@endian.com> + * + * February, 2008 + * + * Based on: + * xt_NFLOG.c, (C) 2006 by Patrick McHardy <kaber@trash.net> + * ebt_ulog.c, (C) 2004 by Bart De Schuymer <bdschuym@pandora.be> + * + */ + +#include <linux/module.h> +#include <linux/spinlock.h> +#include <linux/netfilter_bridge/ebtables.h> +#include <linux/netfilter_bridge/ebt_nflog.h> +#include <net/netfilter/nf_log.h> + +static void ebt_nflog(const struct sk_buff *skb, + unsigned int hooknr, + const struct net_device *in, + const struct net_device *out, + const void *data, unsigned int datalen) +{ + struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; + struct nf_loginfo li; + + li.type = NF_LOG_TYPE_ULOG; + li.u.ulog.copy_len = info->len; + li.u.ulog.group = info->group; + li.u.ulog.qthreshold = info->threshold; + + nf_log_packet(PF_BRIDGE, hooknr, skb, in, out, &li, "%s", info->prefix); +} + +static int ebt_nflog_check(const char *tablename, + unsigned int hookmask, + const struct ebt_entry *e, + void *data, unsigned int datalen) +{ + struct ebt_nflog_info *info = (struct ebt_nflog_info *)data; + + if (datalen != EBT_ALIGN(sizeof(struct ebt_nflog_info))) + return -EINVAL; + if (info->flags & ~EBT_NFLOG_MASK) + return -EINVAL; + info->prefix[EBT_NFLOG_PREFIX_SIZE - 1] = '\0'; + return 0; +} + +static struct ebt_watcher nflog __read_mostly = { + .name = EBT_NFLOG_WATCHER, + .watcher = ebt_nflog, + .check = ebt_nflog_check, + .me = THIS_MODULE, +}; + +static int __init ebt_nflog_init(void) +{ + return ebt_register_watcher(&nflog); +} + +static void __exit ebt_nflog_fini(void) +{ + ebt_unregister_watcher(&nflog); +} + +module_init(ebt_nflog_init); +module_exit(ebt_nflog_fini); +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Peter Warasin <peter@endian.com>"); +MODULE_DESCRIPTION("ebtables NFLOG netfilter logging module"); diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c index be6f18681053..246626bb0c87 100644 --- a/net/bridge/netfilter/ebtable_broute.c +++ b/net/bridge/netfilter/ebtable_broute.c @@ -46,7 +46,7 @@ static struct ebt_table broute_table = .name = "broute", .table = &initial_table, .valid_hooks = 1 << NF_BR_BROUTING, - .lock = RW_LOCK_UNLOCKED, + .lock = __RW_LOCK_UNLOCKED(broute_table.lock), .check = check, .me = THIS_MODULE, }; diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c index fb810908732f..690bc3ab186c 100644 --- a/net/bridge/netfilter/ebtable_filter.c +++ b/net/bridge/netfilter/ebtable_filter.c @@ -55,7 +55,7 @@ static struct ebt_table frame_filter = .name = "filter", .table = &initial_table, .valid_hooks = FILTER_VALID_HOOKS, - .lock = RW_LOCK_UNLOCKED, + .lock = __RW_LOCK_UNLOCKED(frame_filter.lock), .check = check, .me = THIS_MODULE, }; diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c index bc712730c54a..5b495fe2d0b6 100644 --- a/net/bridge/netfilter/ebtable_nat.c +++ b/net/bridge/netfilter/ebtable_nat.c @@ -55,7 +55,7 @@ static struct ebt_table frame_nat = .name = "nat", .table = &initial_table, .valid_hooks = NAT_VALID_HOOKS, - .lock = RW_LOCK_UNLOCKED, + .lock = __RW_LOCK_UNLOCKED(frame_nat.lock), .check = check, .me = THIS_MODULE, }; |