netfilter: bridge: move br_netfilter out of the core (34666d46) · Commits · 戴 / test

include/linux/netfilter_bridge.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -15,7 +15,7 @@ enum nf_br_hook_priorities {
		NF_BR_PRI_LAST = INT_MAX,
		};

		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)

		#define BRNF_PKT_TYPE 0x01
		#define BRNF_BRIDGED_DNAT 0x02

include/linux/skbuff.h

+6 −6

Original line number	Diff line number	Diff line
		@@ -156,7 +156,7 @@ struct nf_conntrack {
		};
		#endif

		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		struct nf_bridge_info {
		atomic_t use;
		unsigned int mask;
		@@ -560,7 +560,7 @@ struct sk_buff {
		#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
		struct nf_conntrack *nfct;
		#endif
		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		struct nf_bridge_info *nf_bridge;
		#endif

		@@ -2977,7 +2977,7 @@ static inline void nf_conntrack_get(struct nf_conntrack *nfct)
		atomic_inc(&nfct->use);
		}
		#endif
		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		static inline void nf_bridge_put(struct nf_bridge_info *nf_bridge)
		{
		if (nf_bridge && atomic_dec_and_test(&nf_bridge->use))
		@@ -2995,7 +2995,7 @@ static inline void nf_reset(struct sk_buff *skb)
		nf_conntrack_put(skb->nfct);
		skb->nfct = NULL;
		#endif
		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		nf_bridge_put(skb->nf_bridge);
		skb->nf_bridge = NULL;
		#endif
		@@ -3016,7 +3016,7 @@ static inline void __nf_copy(struct sk_buff dst, const struct sk_buff src)
		nf_conntrack_get(src->nfct);
		dst->nfctinfo = src->nfctinfo;
		#endif
		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		dst->nf_bridge = src->nf_bridge;
		nf_bridge_get(src->nf_bridge);
		#endif
		@@ -3030,7 +3030,7 @@ static inline void nf_copy(struct sk_buff dst, const struct sk_buff src)
		#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
		nf_conntrack_put(dst->nfct);
		#endif
		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		nf_bridge_put(dst->nf_bridge);
		#endif
		__nf_copy(dst, src);

include/net/neighbour.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -373,7 +373,7 @@ static inline int neigh_event_send(struct neighbour neigh, struct sk_buff skb)
		return 0;
		}

		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		static inline int neigh_hh_bridge(struct hh_cache hh, struct sk_buff skb)
		{
		unsigned int seq, hh_alen;

include/net/netfilter/ipv4/nf_reject.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -98,7 +98,7 @@ static void nf_send_reset(struct sk_buff *oldskb, int hook)

		nf_ct_attach(nskb, oldskb);

		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		/* If we use ip_local_out for bridged traffic, the MAC source on
		* the RST will be ours, instead of the destination's. This confuses
		* some routers/firewalls, and they drop the packet. So we need to

include/net/netfilter/ipv6/nf_reject.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -147,7 +147,7 @@ static void nf_send_reset6(struct net net, struct sk_buff oldskb, int hook)

		nf_ct_attach(nskb, oldskb);

		#ifdef CONFIG_BRIDGE_NETFILTER
		#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
		/* If we use ip6_local_out for bridged traffic, the MAC source on
		* the RST will be ours, instead of the destination's. This confuses
		* some routers/firewalls, and they drop the packet. So we need to

Admin message