search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'hwmon-for-v6.13-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux.git] / net / bridge / netfilter / ebtable_broute.c
blob741360219552574f048e1135014ac7b8082273e6
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * ebtable_broute
4 *
5 * Authors:
6 * Bart De Schuymer <bdschuym@pandora.be>
7 *
8 * April, 2002
9 *
10 * This table lets you choose between routing and bridging for frames
11 * entering on a bridge enslaved nic. This table is traversed before any
12 * other ebtables table. See net/bridge/br_input.c.
13 */
14
15 #include <linux/netfilter_bridge/ebtables.h>
16 #include <linux/module.h>
17 #include <linux/if_bridge.h>
18
19 #include "../br_private.h"
20
21 /* EBT_ACCEPT means the frame will be bridged
22 * EBT_DROP means the frame will be routed
23 */
24 static struct ebt_entries initial_chain = {
25 .name = "BROUTING",
26 .policy = EBT_ACCEPT,
27 };
28
29 static struct ebt_replace_kernel initial_table = {
30 .name = "broute",
31 .valid_hooks = 1 << NF_BR_BROUTING,
32 .entries_size = sizeof(struct ebt_entries),
33 .hook_entry = {
34 [NF_BR_BROUTING] = &initial_chain,
35 },
36 .entries = (char *)&initial_chain,
37 };
38
39 static const struct ebt_table broute_table = {
40 .name = "broute",
41 .table = &initial_table,
42 .valid_hooks = 1 << NF_BR_BROUTING,
43 .me = THIS_MODULE,
44 };
45
46 static unsigned int ebt_broute(void *priv, struct sk_buff *skb,
47 const struct nf_hook_state *s)
48 {
49 struct net_bridge_port *p = br_port_get_rcu(skb->dev);
50 struct nf_hook_state state;
51 unsigned char *dest;
52 int ret;
53
54 if (!p || p->state != BR_STATE_FORWARDING)
55 return NF_ACCEPT;
56
57 nf_hook_state_init(&state, NF_BR_BROUTING,
58 NFPROTO_BRIDGE, s->in, NULL, NULL,
59 s->net, NULL);
60
61 ret = ebt_do_table(priv, skb, &state);
62 if (ret != NF_DROP)
63 return ret;
64
65 /* DROP in ebtables -t broute means that the
66 * skb should be routed, not bridged.
67 * This is awkward, but can't be changed for compatibility
68 * reasons.
69 *
70 * We map DROP to ACCEPT and set the ->br_netfilter_broute flag.
71 */
72 BR_INPUT_SKB_CB(skb)->br_netfilter_broute = 1;
73
74 /* undo PACKET_HOST mangling done in br_input in case the dst
75 * address matches the logical bridge but not the port.
76 */
77 dest = eth_hdr(skb)->h_dest;
78 if (skb->pkt_type == PACKET_HOST &&
79 !ether_addr_equal(skb->dev->dev_addr, dest) &&
80 ether_addr_equal(p->br->dev->dev_addr, dest))
81 skb->pkt_type = PACKET_OTHERHOST;
82
83 return NF_ACCEPT;
84 }
85
86 static const struct nf_hook_ops ebt_ops_broute = {
87 .hook = ebt_broute,
88 .pf = NFPROTO_BRIDGE,
89 .hooknum = NF_BR_PRE_ROUTING,
90 .priority = NF_BR_PRI_FIRST,
91 };
92
93 static int broute_table_init(struct net *net)
94 {
95 return ebt_register_table(net, &broute_table, &ebt_ops_broute);
96 }
97
98 static void __net_exit broute_net_pre_exit(struct net *net)
99 {
100 ebt_unregister_table_pre_exit(net, "broute");
101 }
102
103 static void __net_exit broute_net_exit(struct net *net)
104 {
105 ebt_unregister_table(net, "broute");
106 }
107
108 static struct pernet_operations broute_net_ops = {
109 .exit = broute_net_exit,
110 .pre_exit = broute_net_pre_exit,
111 };
112
113 static int __init ebtable_broute_init(void)
114 {
115 int ret = ebt_register_template(&broute_table, broute_table_init);
116
117 if (ret)
118 return ret;
119
120 ret = register_pernet_subsys(&broute_net_ops);
121 if (ret) {
122 ebt_unregister_template(&broute_table);
123 return ret;
124 }
125
126 return 0;
127 }
128
129 static void __exit ebtable_broute_fini(void)
130 {
131 unregister_pernet_subsys(&broute_net_ops);
132 ebt_unregister_template(&broute_table);
133 }
134
135 module_init(ebtable_broute_init);
136 module_exit(ebtable_broute_fini);
137 MODULE_LICENSE("GPL");
138 MODULE_DESCRIPTION("Force packets to be routed instead of bridged");
Linux Kernel