use NF_BR_PRI_BRNF in NF_HOOK_THRESH

Message ID	1416366453-12090-2-git-send-email-gaofeng@cn.fujitsu.com
State	Changes Requested
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Gao feng <gaofeng@cn.fujitsu.com> To: <netfilter-devel@vger.kernel.org> CC: <pablo@netfilter.org>, Gao feng <gaofeng@cn.fujitsu.com> Subject: [PATCH] use NF_BR_PRI_BRNF in NF_HOOK_THRESH Date: Wed, 19 Nov 2014 11:07:33 +0800 Message-ID: <1416366453-12090-2-git-send-email-gaofeng@cn.fujitsu.com> In-Reply-To: <1416366453-12090-1-git-send-email-gaofeng@cn.fujitsu.com> References: <1416366453-12090-1-git-send-email-gaofeng@cn.fujitsu.com> MIME-Version: 1.0 Content-Type: text/plain Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk

Message ID

1416366453-12090-2-git-send-email-gaofeng@cn.fujitsu.com

State

Changes Requested

Delegated to:

Pablo Neira

Headers

From: Gao feng <gaofeng@cn.fujitsu.com>
To: <netfilter-devel@vger.kernel.org>
CC: <pablo@netfilter.org>, Gao feng <gaofeng@cn.fujitsu.com>
Subject: [PATCH] use NF_BR_PRI_BRNF in NF_HOOK_THRESH
Date: Wed, 19 Nov 2014 11:07:33 +0800
Message-ID: <1416366453-12090-2-git-send-email-gaofeng@cn.fujitsu.com>
In-Reply-To: <1416366453-12090-1-git-send-email-gaofeng@cn.fujitsu.com>
References: <1416366453-12090-1-git-send-email-gaofeng@cn.fujitsu.com>
MIME-Version: 1.0
Content-Type: text/plain
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Gao feng Nov. 19, 2014, 3:07 a.m. UTC

packets jump to ip/ipv6/arp netfilter from bridge
netfilter hooks whose priority are NF_BR_PRI_BRNF,
so when packets return to bridge netfilter, the
thresh is NF_BR_PRI_BRNF + 1.

this patch use marco NF_BR_PRI_BRNF + 1 to replace
the number 1.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 net/bridge/br_netfilter.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Pablo Neira Ayuso Nov. 19, 2014, 1:35 p.m. UTC | #1

On Wed, Nov 19, 2014 at 11:07:33AM +0800, Gao feng wrote:
> packets jump to ip/ipv6/arp netfilter from bridge
> netfilter hooks whose priority are NF_BR_PRI_BRNF,
> so when packets return to bridge netfilter, the
> thresh is NF_BR_PRI_BRNF + 1.
> 
> this patch use marco NF_BR_PRI_BRNF + 1 to replace
> the number 1.

This code has been using this for long long time. It would be great if
you can include in the description what was broken before this patch
or if this is a simple cleanup. Thanks Feng.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index eb00150..6c90696 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -242,7 +242,7 @@  static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
 	nf_bridge_update_protocol(skb);
 	nf_bridge_push_encap_header(skb);
 	NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
-		       br_handle_frame_finish, 1);
+		       br_handle_frame_finish, NF_BR_PRI_BRNF + 1);
 out:
 	return 0;
 drop:
@@ -399,7 +399,7 @@  bridged_dnat:
 					       NF_BR_PRE_ROUTING,
 					       skb, skb->dev, NULL,
 					       br_nf_pre_routing_finish_bridge,
-					       1);
+					       NF_BR_PRI_BRNF + 1);
 				return 0;
 			}
 			ether_addr_copy(eth_hdr(skb)->h_dest, dev->dev_addr);
@@ -418,7 +418,7 @@  bridged_dnat:
 	nf_bridge_update_protocol(skb);
 	nf_bridge_push_encap_header(skb);
 	NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
-		       br_handle_frame_finish, 1);
+		       br_handle_frame_finish, NF_BR_PRI_BRNF + 1);
 
 	return 0;
 }
@@ -659,7 +659,7 @@  static int br_nf_forward_finish(struct sk_buff *skb)
 	nf_bridge_push_encap_header(skb);
 
 	NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, in,
-		       skb->dev, br_forward_finish, 1);
+		       skb->dev, br_forward_finish, NF_BR_PRI_BRNF + 1);
 	return 0;
 }

use NF_BR_PRI_BRNF in NF_HOOK_THRESH

Commit Message

Comments

Patch