From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 13/20] netfilter: bridge: add and use nf_bridge_info_get helper
Date: Thu, 9 Apr 2015 13:34:57 +0200 [thread overview]
Message-ID: <1428579304-5520-14-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1428579304-5520-1-git-send-email-pablo@netfilter.org>
From: Florian Westphal <fw@strlen.de>
Don't access skb->nf_bridge directly, this pointer will be removed soon.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/bridge/br_netfilter.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index ca1cb67..301f12b 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -124,6 +124,11 @@ struct brnf_frag_data {
static DEFINE_PER_CPU(struct brnf_frag_data, brnf_frag_data_storage);
#endif
+static struct nf_bridge_info *nf_bridge_info_get(const struct sk_buff *skb)
+{
+ return skb->nf_bridge;
+}
+
static inline struct rtable *bridge_parent_rtable(const struct net_device *dev)
{
struct net_bridge_port *port;
@@ -268,7 +273,7 @@ static void nf_bridge_update_protocol(struct sk_buff *skb)
* bridge PRE_ROUTING hook. */
static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
{
- struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
struct rtable *rt;
if (nf_bridge->mask & BRNF_PKT_TYPE) {
@@ -300,7 +305,6 @@ static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb)
*/
static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
{
- struct nf_bridge_info *nf_bridge = skb->nf_bridge;
struct neighbour *neigh;
struct dst_entry *dst;
@@ -310,6 +314,7 @@ static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
dst = skb_dst(skb);
neigh = dst_neigh_lookup_skb(dst, skb);
if (neigh) {
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
int ret;
if (neigh->hh.hh_len) {
@@ -396,7 +401,7 @@ static int br_nf_pre_routing_finish(struct sk_buff *skb)
{
struct net_device *dev = skb->dev;
struct iphdr *iph = ip_hdr(skb);
- struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
struct rtable *rt;
int err;
int frag_max_size;
@@ -488,7 +493,7 @@ static struct net_device *brnf_get_logical_dev(struct sk_buff *skb, const struct
/* Some common code for IPv4/IPv6 */
static struct net_device *setup_pre_routing(struct sk_buff *skb)
{
- struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
if (skb->pkt_type == PACKET_OTHERHOST) {
skb->pkt_type = PACKET_HOST;
@@ -687,7 +692,7 @@ static unsigned int br_nf_local_in(const struct nf_hook_ops *ops,
/* PF_BRIDGE/FORWARD *************************************************/
static int br_nf_forward_finish(struct sk_buff *skb)
{
- struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
struct net_device *in;
if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) {
@@ -738,6 +743,10 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops,
if (!nf_bridge_unshare(skb))
return NF_DROP;
+ nf_bridge = nf_bridge_info_get(skb);
+ if (!nf_bridge)
+ return NF_DROP;
+
parent = bridge_parent(out);
if (!parent)
return NF_DROP;
@@ -751,7 +760,6 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops,
nf_bridge_pull_encap_header(skb);
- nf_bridge = skb->nf_bridge;
if (skb->pkt_type == PACKET_OTHERHOST) {
skb->pkt_type = PACKET_HOST;
nf_bridge->mask |= BRNF_PKT_TYPE;
@@ -886,7 +894,7 @@ static unsigned int br_nf_post_routing(const struct nf_hook_ops *ops,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
struct net_device *realoutdev = bridge_parent(skb->dev);
u_int8_t pf;
@@ -955,7 +963,7 @@ static unsigned int ip_sabotage_in(const struct nf_hook_ops *ops,
*/
static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb)
{
- struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
skb_pull(skb, ETH_HLEN);
nf_bridge->mask &= ~BRNF_BRIDGED_DNAT;
--
1.7.10.4
next prev parent reply other threads:[~2015-04-09 11:34 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-09 11:34 [PATCH 00/20] Netfilter updates for net-next Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 01/20] netfilter: nf_tables: add set timeout API support Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 02/20] netfilter: nf_tables: add set element timeout support Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 03/20] netfilter: nf_tables: add set garbage collection helpers Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 04/20] netfilter: nf_tables: add GC synchronization helpers Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 05/20] netfilter: nft_hash: add support for timeouts Pablo Neira Ayuso
2015-04-09 13:39 ` David Laight
2015-04-11 13:40 ` Pablo Neira Ayuso
2015-04-11 13:45 ` Patrick McHardy
2015-04-09 11:34 ` [PATCH 06/20] netfilter: x_tables: fix cgroup matching on non-full sks Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 07/20] netfilter: nft_meta: fix cgroup matching Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 08/20] netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 09/20] netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 10/20] netfilter: bridge: don't use nf_bridge_info data to store mac header Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 11/20] netfilter: bridge: add helpers for fetching physin/outdev Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 12/20] netfilter: physdev: use helpers Pablo Neira Ayuso
2015-04-09 11:34 ` Pablo Neira Ayuso [this message]
2015-04-09 11:34 ` [PATCH 14/20] netfilter: bridge: start splitting mask into public/private chunks Pablo Neira Ayuso
2015-04-09 11:34 ` [PATCH 15/20] netfilter: bridge: make BRNF_PKT_TYPE flag a bool Pablo Neira Ayuso
2015-04-09 11:35 ` [PATCH 16/20] netfilter: nf_tables: fix set selection when timeouts are requested Pablo Neira Ayuso
2015-04-09 11:35 ` [PATCH 17/20] netfilter: nf_tables: prepare set element accounting for async updates Pablo Neira Ayuso
2015-04-09 11:35 ` [PATCH 18/20] netfilter: nf_tables: support different set binding types Pablo Neira Ayuso
2015-04-09 11:35 ` [PATCH 19/20] netfilter: nf_tables: add support for dynamic set updates Pablo Neira Ayuso
2015-04-09 11:35 ` [PATCH 20/20] netfilter: nf_tables: support optional userdata for set elements Pablo Neira Ayuso
2015-04-09 18:46 ` [PATCH 00/20] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1428579304-5520-14-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).