Ignore:
Timestamp:
2012-03-29T16:15:54+02:00 (5 years ago)
Author:
nbd
Message:

kernel: restore ebtables functionality by running netfilter hooks when the ebtables module is loaded

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch

    r31047 r31141  
     1--- a/net/bridge/br_forward.c 
     2+++ b/net/bridge/br_forward.c 
     3@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf 
     4  
     5 int br_forward_finish(struct sk_buff *skb) 
     6 { 
     7-       return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 
     8+       return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 
     9                       br_dev_queue_push_xmit); 
     10  
     11 } 
     12@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne 
     13                return; 
     14        } 
     15  
     16-       NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
     17+       BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
     18                br_forward_finish); 
     19 } 
     20  
     21@@ -91,7 +91,7 @@ static void __br_forward(const struct ne 
     22        skb->dev = to->dev; 
     23        skb_forward_csum(skb); 
     24  
     25-       NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 
     26+       BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 
     27                br_forward_finish); 
     28 } 
     29  
    130--- a/net/bridge/br_input.c 
    231+++ b/net/bridge/br_input.c 
     
    2857                break; 
    2958        default: 
     59--- a/net/bridge/br_multicast.c 
     60+++ b/net/bridge/br_multicast.c 
     61@@ -827,7 +827,7 @@ static void __br_multicast_send_query(st 
     62        if (port) { 
     63                __skb_push(skb, sizeof(struct ethhdr)); 
     64                skb->dev = port->dev; 
     65-               NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
     66+               BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
     67                        dev_queue_xmit); 
     68        } else 
     69                netif_rx(skb); 
    3070--- a/net/bridge/br_netfilter.c 
    3171+++ b/net/bridge/br_netfilter.c 
    32 @@ -71,6 +71,11 @@ static int brnf_filter_pppoe_tagged __re 
     72@@ -71,6 +71,15 @@ static int brnf_filter_pppoe_tagged __re 
    3373 #define IS_ARP(skb) \ 
    3474        (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP)) 
    3575  
     76+int brnf_call_ebtables __read_mostly = 0; 
     77+EXPORT_SYMBOL_GPL(brnf_call_ebtables); 
     78+ 
    3679+bool br_netfilter_run_hooks(void) 
    3780+{ 
    38 +       return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables; 
     81+       return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables | 
     82+              brnf_call_ebtables; 
    3983+} 
    4084+ 
     
    4488--- a/net/bridge/br_private.h 
    4589+++ b/net/bridge/br_private.h 
    46 @@ -493,12 +493,25 @@ static inline bool br_multicast_is_route 
     90@@ -490,15 +490,29 @@ static inline bool br_multicast_is_route 
     91  
     92 /* br_netfilter.c */ 
     93 #ifdef CONFIG_BRIDGE_NETFILTER 
     94+extern int brnf_call_ebtables; 
    4795 extern int br_netfilter_init(void); 
    4896 extern void br_netfilter_fini(void); 
     
    70118 extern void br_log_state(const struct net_bridge_port *p); 
    71119 extern struct net_bridge_port *br_get_port(struct net_bridge *br, 
    72 --- a/net/bridge/br_forward.c 
    73 +++ b/net/bridge/br_forward.c 
    74 @@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf 
    75   
    76  int br_forward_finish(struct sk_buff *skb) 
    77  { 
    78 -       return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 
    79 +       return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 
    80                        br_dev_queue_push_xmit); 
    81   
    82  } 
    83 @@ -74,7 +74,7 @@ static void __br_deliver(const struct ne 
    84                 return; 
    85         } 
    86   
    87 -       NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
    88 +       BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
    89                 br_forward_finish); 
    90  } 
    91   
    92 @@ -91,7 +91,7 @@ static void __br_forward(const struct ne 
    93         skb->dev = to->dev; 
    94         skb_forward_csum(skb); 
    95   
    96 -       NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 
    97 +       BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 
    98                 br_forward_finish); 
    99  } 
    100   
    101 --- a/net/bridge/br_multicast.c 
    102 +++ b/net/bridge/br_multicast.c 
    103 @@ -827,7 +827,7 @@ static void __br_multicast_send_query(st 
    104         if (port) { 
    105                 __skb_push(skb, sizeof(struct ethhdr)); 
    106                 skb->dev = port->dev; 
    107 -               NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
    108 +               BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 
    109                         dev_queue_xmit); 
    110         } else 
    111                 netif_rx(skb); 
    112120--- a/net/bridge/br_stp_bpdu.c 
    113121+++ b/net/bridge/br_stp_bpdu.c 
     
    121129 } 
    122130  
     131--- a/net/bridge/netfilter/ebtables.c 
     132+++ b/net/bridge/netfilter/ebtables.c 
     133@@ -2403,11 +2403,13 @@ static int __init ebtables_init(void) 
     134        } 
     135  
     136        printk(KERN_INFO "Ebtables v2.0 registered\n"); 
     137+       brnf_call_ebtables = 1; 
     138        return 0; 
     139 } 
     140  
     141 static void __exit ebtables_fini(void) 
     142 { 
     143+       brnf_call_ebtables = 0; 
     144        nf_unregister_sockopt(&ebt_sockopts); 
     145        xt_unregister_target(&ebt_standard_target); 
     146        printk(KERN_INFO "Ebtables v2.0 unregistered\n"); 
Note: See TracChangeset for help on using the changeset viewer.