From patchwork Sat May 30 13:26:57 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernhard Thaler X-Patchwork-Id: 478437 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48F18140F91 for ; Sat, 30 May 2015 23:27:38 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932403AbbE3N1h (ORCPT ); Sat, 30 May 2015 09:27:37 -0400 Received: from mx-out.wvnet.at ([62.212.170.132]:57699 "EHLO mx-out.wvnet.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753684AbbE3N1g (ORCPT ); Sat, 30 May 2015 09:27:36 -0400 Received: from smtp.wvnet.at (localhost [127.0.0.1]) by mx-out.wvnet.at (Postfix) with ESMTP id E87531107E20 for ; Sat, 30 May 2015 15:27:34 +0200 (CEST) Received: (qmail 2357 invoked from network); 30 May 2015 13:27:34 -0000 Received: (simscan 1.4.1 ppid 2279 pid 2354 t 0.0169s) (scanners: regex: 1.4.1 attach: 1.4.1 clamav: 0.98.6/m:55/d:20118); 30 May 0115 13:27:34 -0000 X-WVNET-RELAY-spf-info: local_or_white X-WVNET-RELAY-policy-class: untrusted X-WVNET-RELAY-policy-run: [WDR-NB] Received: from smtpout2.drei.com (HELO localhost.localdomain) (bernhard.thaler@wvnet.at@[109.126.64.2]) (SMTPAUTH User bernhard.thaler@wvnet.at) (envelope-sender ) by smtp.wvnet.at (qmail-ldap-1.03) with SMTP for ; 30 May 2015 13:27:34 -0000 X-FEAS-AUTH-USER: From: Bernhard Thaler To: pablo@netfilter.org, kadlec@blackhole.kfki.hu Cc: netfilter-devel@vger.kernel.org, fw@strlen.de, Bernhard Thaler Subject: [PATCH 2/3] netfilter: bridge: re-order br_nf_pre_routing_finish_ipv6() Date: Sat, 30 May 2015 15:26:57 +0200 Message-Id: <1432992417-4016-1-git-send-email-bernhard.thaler@wvnet.at> X-Mailer: git-send-email 1.7.10.4 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Put br_nf_pre_routing_finish_ipv6() after daddr_was_changed() and br_nf_pre_routing_finish_bridge() to prepare calling these functions from there. Signed-off-by: Bernhard Thaler --- Patch revision history: v1 * was originally a part of "netfilter: bridge: detect NAT66 correctly and change MAC address" net/bridge/br_netfilter.c | 63 +++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 2651876..6cb642c 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -278,37 +278,6 @@ static void nf_bridge_update_protocol(struct sk_buff *skb) } } -/* PF_BRIDGE/PRE_ROUTING *********************************************/ -/* Undo the changes made for ip6tables PREROUTING and continue the - * bridge PRE_ROUTING hook. */ -static int br_nf_pre_routing_finish_ipv6(struct sock *sk, struct sk_buff *skb) -{ - struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); - struct rtable *rt; - - if (nf_bridge->pkt_otherhost) { - skb->pkt_type = PACKET_OTHERHOST; - nf_bridge->pkt_otherhost = false; - } - nf_bridge->mask &= ~BRNF_NF_BRIDGE_PREROUTING; - - rt = bridge_parent_rtable(nf_bridge->physindev); - if (!rt) { - kfree_skb(skb); - return 0; - } - skb_dst_set_noref(skb, &rt->dst); - - skb->dev = nf_bridge->physindev; - nf_bridge_update_protocol(skb); - nf_bridge_push_encap_header(skb); - NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, sk, skb, - skb->dev, NULL, - br_handle_frame_finish, 1); - - return 0; -} - /* Obtain the correct destination MAC address, while preserving the original * source MAC address. If we already know this address, we just copy it. If we * don't, we use the neighbour framework to find out. In both cases, we make @@ -360,6 +329,38 @@ static bool daddr_was_changed(const struct sk_buff *skb, return ip_hdr(skb)->daddr != nf_bridge->ipv4_daddr; } +/* PF_BRIDGE/PRE_ROUTING *********************************************/ +/* Undo the changes made for ip6tables PREROUTING and continue the + * bridge PRE_ROUTING hook. + */ +static int br_nf_pre_routing_finish_ipv6(struct sock *sk, struct sk_buff *skb) +{ + struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); + struct rtable *rt; + + if (nf_bridge->pkt_otherhost) { + skb->pkt_type = PACKET_OTHERHOST; + nf_bridge->pkt_otherhost = false; + } + nf_bridge->mask &= ~BRNF_NF_BRIDGE_PREROUTING; + + rt = bridge_parent_rtable(nf_bridge->physindev); + if (!rt) { + kfree_skb(skb); + return 0; + } + skb_dst_set_noref(skb, &rt->dst); + + skb->dev = nf_bridge->physindev; + nf_bridge_update_protocol(skb); + nf_bridge_push_encap_header(skb); + NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, sk, skb, + skb->dev, NULL, + br_handle_frame_finish, 1); + + return 0; +} + /* This requires some explaining. If DNAT has taken place, * we will need to fix up the destination Ethernet address. * This is also true when SNAT takes place (for the reply direction).