From: nbd Date: Thu, 29 Mar 2012 14:15:54 +0000 (+0000) Subject: kernel: restore ebtables functionality by running netfilter hooks when the ebtables... X-Git-Url: https://git.rohieb.name/openwrt.git/commitdiff_plain/5ace2c89edaf55572ed96142d23ea3d09531cf2c kernel: restore ebtables functionality by running netfilter hooks when the ebtables module is loaded git-svn-id: svn://svn.openwrt.org/openwrt/trunk@31141 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- diff --git a/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch b/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch index 91139854b..6c3c3e5c6 100644 --- a/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch +++ b/target/linux/generic/patches-3.2/644-bridge_optimize_netfilter_hooks.patch @@ -1,12 +1,16 @@ --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c -@@ -62,6 +62,11 @@ static int brnf_filter_pppoe_tagged __re +@@ -62,6 +62,15 @@ static int brnf_filter_pppoe_tagged __re #define brnf_filter_pppoe_tagged 0 #endif ++int brnf_call_ebtables __read_mostly = 0; ++EXPORT_SYMBOL_GPL(brnf_call_ebtables); ++ +bool br_netfilter_run_hooks(void) +{ -+ return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables; ++ return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables | ++ brnf_call_ebtables; +} + static inline __be16 vlan_proto(const struct sk_buff *skb) @@ -14,7 +18,11 @@ if (vlan_tx_tag_present(skb)) --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h -@@ -491,12 +491,25 @@ static inline bool br_multicast_is_route +@@ -488,15 +488,29 @@ static inline bool br_multicast_is_route + + /* br_netfilter.c */ + #ifdef CONFIG_BRIDGE_NETFILTER ++extern int brnf_call_ebtables; extern int br_netfilter_init(void); extern void br_netfilter_fini(void); extern void br_netfilter_rtable_init(struct net_bridge *); @@ -120,3 +128,19 @@ dev_queue_xmit); } +--- a/net/bridge/netfilter/ebtables.c ++++ b/net/bridge/netfilter/ebtables.c +@@ -2399,11 +2399,13 @@ static int __init ebtables_init(void) + } + + printk(KERN_INFO "Ebtables v2.0 registered\n"); ++ brnf_call_ebtables = 1; + return 0; + } + + static void __exit ebtables_fini(void) + { ++ brnf_call_ebtables = 0; + nf_unregister_sockopt(&ebt_sockopts); + xt_unregister_target(&ebt_standard_target); + printk(KERN_INFO "Ebtables v2.0 unregistered\n"); diff --git a/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch b/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch index d2fdd614c..3b02c5cf9 100644 --- a/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch +++ b/target/linux/generic/patches-3.3/644-bridge_optimize_netfilter_hooks.patch @@ -1,3 +1,32 @@ +--- a/net/bridge/br_forward.c ++++ b/net/bridge/br_forward.c +@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf + + int br_forward_finish(struct sk_buff *skb) + { +- return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, ++ return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, + br_dev_queue_push_xmit); + + } +@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne + return; + } + +- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, ++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, + br_forward_finish); + } + +@@ -91,7 +91,7 @@ static void __br_forward(const struct ne + skb->dev = to->dev; + skb_forward_csum(skb); + +- NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, ++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, + br_forward_finish); + } + --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -40,7 +40,7 @@ static int br_pass_frame_up(struct sk_bu @@ -27,15 +56,30 @@ br_handle_frame_finish); break; default: +--- a/net/bridge/br_multicast.c ++++ b/net/bridge/br_multicast.c +@@ -827,7 +827,7 @@ static void __br_multicast_send_query(st + if (port) { + __skb_push(skb, sizeof(struct ethhdr)); + skb->dev = port->dev; +- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, ++ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, + dev_queue_xmit); + } else + netif_rx(skb); --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c -@@ -71,6 +71,11 @@ static int brnf_filter_pppoe_tagged __re +@@ -71,6 +71,15 @@ static int brnf_filter_pppoe_tagged __re #define IS_ARP(skb) \ (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP)) ++int brnf_call_ebtables __read_mostly = 0; ++EXPORT_SYMBOL_GPL(brnf_call_ebtables); ++ +bool br_netfilter_run_hooks(void) +{ -+ return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables; ++ return brnf_call_iptables | brnf_call_ip6tables | brnf_call_arptables | ++ brnf_call_ebtables; +} + static inline __be16 vlan_proto(const struct sk_buff *skb) @@ -43,7 +87,11 @@ if (vlan_tx_tag_present(skb)) --- a/net/bridge/br_private.h +++ b/net/bridge/br_private.h -@@ -493,12 +493,25 @@ static inline bool br_multicast_is_route +@@ -490,15 +490,29 @@ static inline bool br_multicast_is_route + + /* br_netfilter.c */ + #ifdef CONFIG_BRIDGE_NETFILTER ++extern int brnf_call_ebtables; extern int br_netfilter_init(void); extern void br_netfilter_fini(void); extern void br_netfilter_rtable_init(struct net_bridge *); @@ -69,46 +117,6 @@ /* br_stp.c */ extern void br_log_state(const struct net_bridge_port *p); extern struct net_bridge_port *br_get_port(struct net_bridge *br, ---- a/net/bridge/br_forward.c -+++ b/net/bridge/br_forward.c -@@ -55,7 +55,7 @@ int br_dev_queue_push_xmit(struct sk_buf - - int br_forward_finish(struct sk_buff *skb) - { -- return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, -+ return BR_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, - br_dev_queue_push_xmit); - - } -@@ -74,7 +74,7 @@ static void __br_deliver(const struct ne - return; - } - -- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, -+ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, - br_forward_finish); - } - -@@ -91,7 +91,7 @@ static void __br_forward(const struct ne - skb->dev = to->dev; - skb_forward_csum(skb); - -- NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, -+ BR_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, - br_forward_finish); - } - ---- a/net/bridge/br_multicast.c -+++ b/net/bridge/br_multicast.c -@@ -827,7 +827,7 @@ static void __br_multicast_send_query(st - if (port) { - __skb_push(skb, sizeof(struct ethhdr)); - skb->dev = port->dev; -- NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, -+ BR_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, - dev_queue_xmit); - } else - netif_rx(skb); --- a/net/bridge/br_stp_bpdu.c +++ b/net/bridge/br_stp_bpdu.c @@ -52,7 +52,7 @@ static void br_send_bpdu(struct net_brid @@ -120,3 +128,19 @@ dev_queue_xmit); } +--- a/net/bridge/netfilter/ebtables.c ++++ b/net/bridge/netfilter/ebtables.c +@@ -2403,11 +2403,13 @@ static int __init ebtables_init(void) + } + + printk(KERN_INFO "Ebtables v2.0 registered\n"); ++ brnf_call_ebtables = 1; + return 0; + } + + static void __exit ebtables_fini(void) + { ++ brnf_call_ebtables = 0; + nf_unregister_sockopt(&ebt_sockopts); + xt_unregister_target(&ebt_standard_target); + printk(KERN_INFO "Ebtables v2.0 unregistered\n");