1
linux/net/bridge
Bart De Schuymer e179e6322a netfilter: bridge-netfilter: Fix MAC header handling with IP DNAT
- fix IP DNAT on vlan- or pppoe-encapsulated traffic: The functions
neigh_hh_output() or dst->neighbour->output() overwrite the complete
Ethernet header, although we only need the destination MAC address.
For encapsulated packets, they ended up overwriting the encapsulating
header. The new code copies the Ethernet source MAC address and
protocol number before calling dst->neighbour->output(). The Ethernet
source MAC and protocol number are copied back in place in
br_nf_pre_routing_finish_bridge_slow(). This also makes the IP DNAT
more transparent because in the old scheme the source MAC of the
bridge was copied into the source address in the Ethernet header. We
also let skb->protocol equal ETH_P_IP resp. ETH_P_IPV6 during the
execution of the PF_INET resp. PF_INET6 hooks.

- Speed up IP DNAT by calling neigh_hh_bridge() instead of
neigh_hh_output(): if dst->hh is available, we already know the MAC
address so we can just copy it.

Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-04-15 12:26:39 +02:00
..
netfilter netfilter: xtables: change targets to return error code 2010-03-25 16:55:49 +01:00
br_device.c netfilter: bridge-netfilter: simplify IP DNAT 2010-04-15 12:14:51 +02:00
br_fdb.c net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
br_forward.c netfilter: bridge-netfilter: update a comment in br_forward.c about ip_fragment() 2010-04-13 11:41:39 +02:00
br_if.c bridge: per-cpu packet statistics (v3) 2010-03-16 21:23:19 -07:00
br_input.c netfilter: bridge: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:29 +01:00
br_ioctl.c bridge: remove dev_put() in add_del_if() 2009-11-05 22:34:16 -08:00
br_multicast.c netfilter: bridge: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:29 +01:00
br_netfilter.c netfilter: bridge-netfilter: Fix MAC header handling with IP DNAT 2010-04-15 12:26:39 +02:00
br_netlink.c netlink: change nlmsg_notify() return value logic 2009-02-24 23:18:28 -08:00
br_notify.c netns bridge: allow bridges in netns! 2008-09-08 16:19:58 -07:00
br_private_stp.h net: remove CVS keywords 2008-06-11 21:00:38 -07:00
br_private.h bridge: per-cpu packet statistics (v3) 2010-03-16 21:23:19 -07:00
br_stp_bpdu.c netfilter: bridge: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:29 +01:00
br_stp_if.c bridge: Add multicast start/stop hooks 2010-02-28 00:49:38 -08:00
br_stp_timer.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
br_stp.c bridge: Add multicast start/stop hooks 2010-02-28 00:49:38 -08:00
br_sysfs_br.c bridge: Add multicast count/interval sysfs entries 2010-02-28 00:49:47 -08:00
br_sysfs_if.c Driver core: Constify struct sysfs_ops in struct kobj_type 2010-03-07 17:04:49 -08:00
br.c bridge: Use rcu_barrier() instead of syncronize_net() on unload. 2009-06-26 13:51:32 -07:00
Kconfig bridge: depends on INET 2010-03-03 01:23:22 -08:00
Makefile bridge: Add core IGMP snooping support 2010-02-28 00:48:45 -08:00