From patchwork Fri Nov 14 10:29:50 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alvaro Neira X-Patchwork-Id: 410753 X-Patchwork-Delegate: pablo@netfilter.org
From: Alvaro Neira Ayuso To: netfilter-devel@vger.kernel.org Subject: [PATCH nf 2/2] bridge: set the pktinfo for IPv4/IPv6 traffic Date: Fri, 14 Nov 2014 11:29:50 +0100 Message-Id: <1415960990-19489-2-git-send-email-alvaroneay@gmail.com> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1415960990-19489-1-git-send-email-alvaroneay@gmail.com> References: <1415960990-19489-1-git-send-email-alvaroneay@gmail.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch sets the pktinfo for IPv4/IPv6 traffic. Therefore, we can check the meta l4proto for IPv4/IPv6 traffic in bridge, before we don't have enough information to do it. Signed-off-by: Alvaro Neira Ayuso --- net/bridge/netfilter/nf_tables_bridge.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/net/bridge/netfilter/nf_tables_bridge.c b/net/bridge/netfilter/nf_tables_bridge.c index d468c19..0a0f0ca 100644 --- a/net/bridge/netfilter/nf_tables_bridge.c +++ b/net/bridge/netfilter/nf_tables_bridge.c @@ -16,6 +16,8 @@ #include #include #include +#include +#include int nft_bridge_iphdr_validate(struct sk_buff *skb) { @@ -71,8 +73,21 @@ nft_do_chain_bridge(const struct nf_hook_ops *ops, { struct nft_pktinfo pkt; - nft_set_pktinfo(&pkt, ops, skb, in, out); + switch (eth_hdr(skb)->h_proto) { + case htons(ETH_P_IP): + if (!nft_bridge_iphdr_validate(skb)) + break; + nft_set_pktinfo_ipv4(&pkt, ops, skb, in, out); + return nft_do_chain(&pkt, ops); + case htons(ETH_P_IPV6): + if (!nft_bridge_ip6hdr_validate(skb)) + break; + if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0) + break; + return nft_do_chain(&pkt, ops); + } + nft_set_pktinfo(&pkt, ops, skb, in, out); return nft_do_chain(&pkt, ops); }
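Review bot: In the nft_do_chain_bridge() hunk, both `break` paths taken when nft_bridge_iphdr_validate() or nft_bridge_ip6hdr_validate() fails fall through to the generic `nft_set_pktinfo(&pkt, ops, skb, in, out);` and still call nft_do_chain(). Frames that carry an ETH_P_IP or ETH_P_IPV6 ethertype but fail header validation are therefore still evaluated by the chain, only without the IPv4/IPv6 pktinfo that the commit message says is needed for meta l4proto. If that fallback is intended, please say so in a comment above the switch and in the commit message, so that ruleset authors know a protocol-based rule is not applied to such frames. The same fallback is taken when nft_set_pktinfo_ipv6() returns a negative value, which relies on nft_set_pktinfo() overwriting whatever the failed call left in pkt; a comment on that would help too. Finally, the IPv6 case checks the result of nft_set_pktinfo_ipv6() while the IPv4 case does not check nft_set_pktinfo_ipv4(); a short note on why the two cases differ would make the asymmetry easier to review.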