Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | #ifndef __LINUX_BRIDGE_NETFILTER_H |
2 | #define __LINUX_BRIDGE_NETFILTER_H | |
3 | ||
607ca46e DH |
4 | #include <uapi/linux/netfilter_bridge.h> |
5 | ||
1da177e4 LT |
6 | |
7 | enum nf_br_hook_priorities { | |
8 | NF_BR_PRI_FIRST = INT_MIN, | |
9 | NF_BR_PRI_NAT_DST_BRIDGED = -300, | |
10 | NF_BR_PRI_FILTER_BRIDGED = -200, | |
11 | NF_BR_PRI_BRNF = 0, | |
12 | NF_BR_PRI_NAT_DST_OTHER = 100, | |
13 | NF_BR_PRI_FILTER_OTHER = 200, | |
14 | NF_BR_PRI_NAT_SRC = 300, | |
15 | NF_BR_PRI_LAST = INT_MAX, | |
16 | }; | |
17 | ||
18 | #ifdef CONFIG_BRIDGE_NETFILTER | |
19 | ||
20 | #define BRNF_PKT_TYPE 0x01 | |
21 | #define BRNF_BRIDGED_DNAT 0x02 | |
ea2d9b41 BDS |
22 | #define BRNF_BRIDGED 0x04 |
23 | #define BRNF_NF_BRIDGE_PREROUTING 0x08 | |
e179e632 BDS |
24 | #define BRNF_8021Q 0x10 |
25 | #define BRNF_PPPoE 0x20 | |
1da177e4 LT |
26 | |
27 | /* Only used in br_forward.c */ | |
a0f4ecf3 | 28 | int nf_bridge_copy_header(struct sk_buff *skb); |
07317621 | 29 | static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb) |
1da177e4 | 30 | { |
4a9ecd59 PM |
31 | if (skb->nf_bridge && |
32 | skb->nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT)) | |
07317621 SH |
33 | return nf_bridge_copy_header(skb); |
34 | return 0; | |
1da177e4 LT |
35 | } |
36 | ||
fc38582d PM |
37 | static inline unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb) |
38 | { | |
39 | switch (skb->protocol) { | |
f3a7c66b | 40 | case __cpu_to_be16(ETH_P_8021Q): |
fc38582d | 41 | return VLAN_HLEN; |
f3a7c66b | 42 | case __cpu_to_be16(ETH_P_PPP_SES): |
fc38582d PM |
43 | return PPPOE_SES_HLEN; |
44 | default: | |
45 | return 0; | |
46 | } | |
47 | } | |
48 | ||
6c79bf0f BDS |
49 | static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb) |
50 | { | |
51 | if (unlikely(skb->nf_bridge->mask & BRNF_PPPoE)) | |
52 | return PPPOE_SES_HLEN; | |
53 | return 0; | |
54 | } | |
55 | ||
a0f4ecf3 | 56 | int br_handle_frame_finish(struct sk_buff *skb); |
ea2d9b41 BDS |
57 | /* Only used in br_device.c */ |
58 | static inline int br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) | |
59 | { | |
60 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; | |
61 | ||
62 | skb_pull(skb, ETH_HLEN); | |
63 | nf_bridge->mask ^= BRNF_BRIDGED_DNAT; | |
e179e632 BDS |
64 | skb_copy_to_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), |
65 | skb->nf_bridge->data, ETH_HLEN-ETH_ALEN); | |
ea2d9b41 BDS |
66 | skb->dev = nf_bridge->physindev; |
67 | return br_handle_frame_finish(skb); | |
68 | } | |
69 | ||
1da177e4 LT |
70 | /* This is called by the IP fragmenting code and it ensures there is |
71 | * enough room for the encapsulating header (if there is one). */ | |
fc38582d | 72 | static inline unsigned int nf_bridge_pad(const struct sk_buff *skb) |
1da177e4 | 73 | { |
fc38582d PM |
74 | if (skb->nf_bridge) |
75 | return nf_bridge_encap_header_len(skb); | |
76 | return 0; | |
1da177e4 LT |
77 | } |
78 | ||
79 | struct bridge_skb_cb { | |
80 | union { | |
47c183fa | 81 | __be32 ipv4; |
1da177e4 LT |
82 | } daddr; |
83 | }; | |
10ea6ac8 | 84 | |
a881e963 PHP |
85 | static inline void br_drop_fake_rtable(struct sk_buff *skb) |
86 | { | |
87 | struct dst_entry *dst = skb_dst(skb); | |
88 | ||
89 | if (dst && (dst->flags & DST_FAKE_RTABLE)) | |
90 | skb_dst_drop(skb); | |
91 | } | |
92 | ||
07317621 SH |
93 | #else |
94 | #define nf_bridge_maybe_copy_header(skb) (0) | |
9bcfcaf5 | 95 | #define nf_bridge_pad(skb) (0) |
a881e963 | 96 | #define br_drop_fake_rtable(skb) do { } while (0) |
1da177e4 LT |
97 | #endif /* CONFIG_BRIDGE_NETFILTER */ |
98 | ||
1da177e4 | 99 | #endif |