Root/
1 | #ifndef __LINUX_BRIDGE_NETFILTER_H |
2 | #define __LINUX_BRIDGE_NETFILTER_H |
3 | |
4 | #include <uapi/linux/netfilter_bridge.h> |
5 | |
6 | |
7 | enum nf_br_hook_priorities { |
8 | NF_BR_PRI_FIRST = INT_MIN, |
9 | NF_BR_PRI_NAT_DST_BRIDGED = -300, |
10 | NF_BR_PRI_FILTER_BRIDGED = -200, |
11 | NF_BR_PRI_BRNF = 0, |
12 | NF_BR_PRI_NAT_DST_OTHER = 100, |
13 | NF_BR_PRI_FILTER_OTHER = 200, |
14 | NF_BR_PRI_NAT_SRC = 300, |
15 | NF_BR_PRI_LAST = INT_MAX, |
16 | }; |
17 | |
18 | #ifdef CONFIG_BRIDGE_NETFILTER |
19 | |
20 | #define BRNF_PKT_TYPE 0x01 |
21 | #define BRNF_BRIDGED_DNAT 0x02 |
22 | #define BRNF_BRIDGED 0x04 |
23 | #define BRNF_NF_BRIDGE_PREROUTING 0x08 |
24 | #define BRNF_8021Q 0x10 |
25 | #define BRNF_PPPoE 0x20 |
26 | |
27 | /* Only used in br_forward.c */ |
28 | extern int nf_bridge_copy_header(struct sk_buff *skb); |
29 | static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb) |
30 | { |
31 | if (skb->nf_bridge && |
32 | skb->nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT)) |
33 | return nf_bridge_copy_header(skb); |
34 | return 0; |
35 | } |
36 | |
37 | static inline unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb) |
38 | { |
39 | switch (skb->protocol) { |
40 | case __cpu_to_be16(ETH_P_8021Q): |
41 | return VLAN_HLEN; |
42 | case __cpu_to_be16(ETH_P_PPP_SES): |
43 | return PPPOE_SES_HLEN; |
44 | default: |
45 | return 0; |
46 | } |
47 | } |
48 | |
49 | static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb) |
50 | { |
51 | if (unlikely(skb->nf_bridge->mask & BRNF_PPPoE)) |
52 | return PPPOE_SES_HLEN; |
53 | return 0; |
54 | } |
55 | |
56 | extern int br_handle_frame_finish(struct sk_buff *skb); |
57 | /* Only used in br_device.c */ |
58 | static inline int br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) |
59 | { |
60 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
61 | |
62 | skb_pull(skb, ETH_HLEN); |
63 | nf_bridge->mask ^= BRNF_BRIDGED_DNAT; |
64 | skb_copy_to_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), |
65 | skb->nf_bridge->data, ETH_HLEN-ETH_ALEN); |
66 | skb->dev = nf_bridge->physindev; |
67 | return br_handle_frame_finish(skb); |
68 | } |
69 | |
70 | /* This is called by the IP fragmenting code and it ensures there is |
71 | * enough room for the encapsulating header (if there is one). */ |
72 | static inline unsigned int nf_bridge_pad(const struct sk_buff *skb) |
73 | { |
74 | if (skb->nf_bridge) |
75 | return nf_bridge_encap_header_len(skb); |
76 | return 0; |
77 | } |
78 | |
79 | struct bridge_skb_cb { |
80 | union { |
81 | __be32 ipv4; |
82 | } daddr; |
83 | }; |
84 | |
85 | static inline void br_drop_fake_rtable(struct sk_buff *skb) |
86 | { |
87 | struct dst_entry *dst = skb_dst(skb); |
88 | |
89 | if (dst && (dst->flags & DST_FAKE_RTABLE)) |
90 | skb_dst_drop(skb); |
91 | } |
92 | |
93 | #else |
94 | #define nf_bridge_maybe_copy_header(skb) (0) |
95 | #define nf_bridge_pad(skb) (0) |
96 | #define br_drop_fake_rtable(skb) do { } while (0) |
97 | #endif /* CONFIG_BRIDGE_NETFILTER */ |
98 | |
99 | #endif |
100 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9