| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | #ifndef __LINUX_BRIDGE_NETFILTER_H |
| 2 | #define __LINUX_BRIDGE_NETFILTER_H |
| 3 | |
| David Howells | 607ca46 | 2012-10-13 10:46:48 +0100 | [diff] [blame] | 4 | #include <uapi/linux/netfilter_bridge.h> |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 5 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 6 | |
| 7 | enum nf_br_hook_priorities { |
| 8 | NF_BR_PRI_FIRST = INT_MIN, |
| 9 | NF_BR_PRI_NAT_DST_BRIDGED = -300, |
| 10 | NF_BR_PRI_FILTER_BRIDGED = -200, |
| 11 | NF_BR_PRI_BRNF = 0, |
| 12 | NF_BR_PRI_NAT_DST_OTHER = 100, |
| 13 | NF_BR_PRI_FILTER_OTHER = 200, |
| 14 | NF_BR_PRI_NAT_SRC = 300, |
| 15 | NF_BR_PRI_LAST = INT_MAX, |
| 16 | }; |
| 17 | |
| 18 | #ifdef CONFIG_BRIDGE_NETFILTER |
| 19 | |
| 20 | #define BRNF_PKT_TYPE 0x01 |
| 21 | #define BRNF_BRIDGED_DNAT 0x02 |
| Bart De Schuymer | ea2d9b4 | 2010-04-15 12:14:51 +0200 | [diff] [blame] | 22 | #define BRNF_BRIDGED 0x04 |
| 23 | #define BRNF_NF_BRIDGE_PREROUTING 0x08 |
| Bart De Schuymer | e179e63 | 2010-04-15 12:26:39 +0200 | [diff] [blame] | 24 | #define BRNF_8021Q 0x10 |
| 25 | #define BRNF_PPPoE 0x20 |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 26 | |
| 27 | /* Only used in br_forward.c */ |
| Stephen Hemminger | 07317621 | 2006-08-29 17:48:17 -0700 | [diff] [blame] | 28 | extern int nf_bridge_copy_header(struct sk_buff *skb); |
| 29 | static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb) |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 30 | { |
| Patrick McHardy | 4a9ecd5 | 2007-12-13 09:32:04 -0800 | [diff] [blame] | 31 | if (skb->nf_bridge && |
| 32 | skb->nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT)) |
| Stephen Hemminger | 07317621 | 2006-08-29 17:48:17 -0700 | [diff] [blame] | 33 | return nf_bridge_copy_header(skb); |
| 34 | return 0; |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 35 | } |
| 36 | |
| Patrick McHardy | fc38582 | 2007-05-03 03:36:16 -0700 | [diff] [blame] | 37 | static inline unsigned int nf_bridge_encap_header_len(const struct sk_buff *skb) |
| 38 | { |
| 39 | switch (skb->protocol) { |
| Harvey Harrison | f3a7c66 | 2009-02-14 22:58:35 -0800 | [diff] [blame] | 40 | case __cpu_to_be16(ETH_P_8021Q): |
| Patrick McHardy | fc38582 | 2007-05-03 03:36:16 -0700 | [diff] [blame] | 41 | return VLAN_HLEN; |
| Harvey Harrison | f3a7c66 | 2009-02-14 22:58:35 -0800 | [diff] [blame] | 42 | case __cpu_to_be16(ETH_P_PPP_SES): |
| Patrick McHardy | fc38582 | 2007-05-03 03:36:16 -0700 | [diff] [blame] | 43 | return PPPOE_SES_HLEN; |
| 44 | default: |
| 45 | return 0; |
| 46 | } |
| 47 | } |
| 48 | |
| Bart De Schuymer | 6c79bf0 | 2010-04-20 16:22:01 +0200 | [diff] [blame] | 49 | static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb) |
| 50 | { |
| 51 | if (unlikely(skb->nf_bridge->mask & BRNF_PPPoE)) |
| 52 | return PPPOE_SES_HLEN; |
| 53 | return 0; |
| 54 | } |
| 55 | |
| Bart De Schuymer | ea2d9b4 | 2010-04-15 12:14:51 +0200 | [diff] [blame] | 56 | extern int br_handle_frame_finish(struct sk_buff *skb); |
| 57 | /* Only used in br_device.c */ |
| 58 | static inline int br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb) |
| 59 | { |
| 60 | struct nf_bridge_info *nf_bridge = skb->nf_bridge; |
| 61 | |
| 62 | skb_pull(skb, ETH_HLEN); |
| 63 | nf_bridge->mask ^= BRNF_BRIDGED_DNAT; |
| Bart De Schuymer | e179e63 | 2010-04-15 12:26:39 +0200 | [diff] [blame] | 64 | skb_copy_to_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), |
| 65 | skb->nf_bridge->data, ETH_HLEN-ETH_ALEN); |
| Bart De Schuymer | ea2d9b4 | 2010-04-15 12:14:51 +0200 | [diff] [blame] | 66 | skb->dev = nf_bridge->physindev; |
| 67 | return br_handle_frame_finish(skb); |
| 68 | } |
| 69 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 70 | /* This is called by the IP fragmenting code and it ensures there is |
| 71 | * enough room for the encapsulating header (if there is one). */ |
| Patrick McHardy | fc38582 | 2007-05-03 03:36:16 -0700 | [diff] [blame] | 72 | static inline unsigned int nf_bridge_pad(const struct sk_buff *skb) |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 73 | { |
| Patrick McHardy | fc38582 | 2007-05-03 03:36:16 -0700 | [diff] [blame] | 74 | if (skb->nf_bridge) |
| 75 | return nf_bridge_encap_header_len(skb); |
| 76 | return 0; |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 77 | } |
| 78 | |
| 79 | struct bridge_skb_cb { |
| 80 | union { |
| Al Viro | 47c183fa | 2006-11-14 21:11:51 -0800 | [diff] [blame] | 81 | __be32 ipv4; |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 82 | } daddr; |
| 83 | }; |
| Patrick McHardy | 10ea6ac | 2006-07-24 22:54:55 -0700 | [diff] [blame] | 84 | |
| Peter Huang (Peng) | a881e96 | 2012-04-19 20:12:51 +0000 | [diff] [blame] | 85 | static inline void br_drop_fake_rtable(struct sk_buff *skb) |
| 86 | { |
| 87 | struct dst_entry *dst = skb_dst(skb); |
| 88 | |
| 89 | if (dst && (dst->flags & DST_FAKE_RTABLE)) |
| 90 | skb_dst_drop(skb); |
| 91 | } |
| 92 | |
| Stephen Hemminger | 07317621 | 2006-08-29 17:48:17 -0700 | [diff] [blame] | 93 | #else |
| 94 | #define nf_bridge_maybe_copy_header(skb) (0) |
| Stephen Hemminger | 9bcfcaf | 2006-08-29 17:48:57 -0700 | [diff] [blame] | 95 | #define nf_bridge_pad(skb) (0) |
| Peter Huang (Peng) | a881e96 | 2012-04-19 20:12:51 +0000 | [diff] [blame] | 96 | #define br_drop_fake_rtable(skb) do { } while (0) |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 97 | #endif /* CONFIG_BRIDGE_NETFILTER */ |
| 98 | |
| Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 99 | #endif |