netfilter: propagate net to nf_bridge_get_physindev

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This is a preparation patch for replacing physindev with physinif on
nf_bridge_info structure. We will use dev_get_by_index_rcu to resolve
device, when needed, and it requires net to be available.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Pavel Tikhomirov and committed by

Pablo Neira Ayuso 2 years ago a54e7219 aeaa4407

+16 -15

7 changed files

expand all

include

linux

netfilter_bridge.h

net

ipv4

netfilter

nf_reject_ipv4.c

ipv6

netfilter

nf_reject_ipv6.c

netfilter

ipset

ip_set_hash_netiface.c

nf_log_syslog.c

nf_queue.c

xt_physdev.c

+1 -1

include/linux/netfilter_bridge.h

··· 56 56 } 57 57 58 58 static inline struct net_device * 59 - nf_bridge_get_physindev(const struct sk_buff *skb) 59 + nf_bridge_get_physindev(const struct sk_buff *skb, struct net *net) 60 60 { 61 61 const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); 62 62

+1 -1

net/ipv4/netfilter/nf_reject_ipv4.c

··· 289 289 * build the eth header using the original destination's MAC as the 290 290 * source, and send the RST packet directly. 291 291 */ 292 - br_indev = nf_bridge_get_physindev(oldskb); 292 + br_indev = nf_bridge_get_physindev(oldskb, net); 293 293 if (br_indev) { 294 294 struct ethhdr *oeth = eth_hdr(oldskb); 295 295

+1 -1

net/ipv6/netfilter/nf_reject_ipv6.c

··· 354 354 * build the eth header using the original destination's MAC as the 355 355 * source, and send the RST packet directly. 356 356 */ 357 - br_indev = nf_bridge_get_physindev(oldskb); 357 + br_indev = nf_bridge_get_physindev(oldskb, net); 358 358 if (br_indev) { 359 359 struct ethhdr *oeth = eth_hdr(oldskb); 360 360

+4 -4

net/netfilter/ipset/ip_set_hash_netiface.c

··· 138 138 #include "ip_set_hash_gen.h" 139 139 140 140 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 141 - static const char *get_physindev_name(const struct sk_buff *skb) 141 + static const char *get_physindev_name(const struct sk_buff *skb, struct net *net) 142 142 { 143 - struct net_device *dev = nf_bridge_get_physindev(skb); 143 + struct net_device *dev = nf_bridge_get_physindev(skb, net); 144 144 145 145 return dev ? dev->name : NULL; 146 146 } ··· 177 177 178 178 if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { 179 179 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 180 - const char *eiface = SRCDIR ? get_physindev_name(skb) : 180 + const char *eiface = SRCDIR ? get_physindev_name(skb, xt_net(par)) : 181 181 get_physoutdev_name(skb); 182 182 183 183 if (!eiface) ··· 395 395 396 396 if (opt->cmdflags & IPSET_FLAG_PHYSDEV) { 397 397 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 398 - const char *eiface = SRCDIR ? get_physindev_name(skb) : 398 + const char *eiface = SRCDIR ? get_physindev_name(skb, xt_net(par)) : 399 399 get_physoutdev_name(skb); 400 400 401 401 if (!eiface)

+7 -6

net/netfilter/nf_log_syslog.c

··· 111 111 unsigned int hooknum, const struct sk_buff *skb, 112 112 const struct net_device *in, 113 113 const struct net_device *out, 114 - const struct nf_loginfo *loginfo, const char *prefix) 114 + const struct nf_loginfo *loginfo, const char *prefix, 115 + struct net *net) 115 116 { 116 117 const struct net_device *physoutdev __maybe_unused; 117 118 const struct net_device *physindev __maybe_unused; ··· 122 121 in ? in->name : "", 123 122 out ? out->name : ""); 124 123 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 125 - physindev = nf_bridge_get_physindev(skb); 124 + physindev = nf_bridge_get_physindev(skb, net); 126 125 if (physindev && in != physindev) 127 126 nf_log_buf_add(m, "PHYSIN=%s ", physindev->name); 128 127 physoutdev = nf_bridge_get_physoutdev(skb); ··· 149 148 loginfo = &default_loginfo; 150 149 151 150 nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo, 152 - prefix); 151 + prefix, net); 153 152 dump_arp_packet(m, loginfo, skb, skb_network_offset(skb)); 154 153 155 154 nf_log_buf_close(m); ··· 846 845 loginfo = &default_loginfo; 847 846 848 847 nf_log_dump_packet_common(m, pf, hooknum, skb, in, 849 - out, loginfo, prefix); 848 + out, loginfo, prefix, net); 850 849 851 850 if (in) 852 851 dump_mac_header(m, loginfo, skb); ··· 881 880 loginfo = &default_loginfo; 882 881 883 882 nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, 884 - loginfo, prefix); 883 + loginfo, prefix, net); 885 884 886 885 if (in) 887 886 dump_mac_header(m, loginfo, skb); ··· 917 916 loginfo = &default_loginfo; 918 917 919 918 nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo, 920 - prefix); 919 + prefix, net); 921 920 922 921 dump_mac_header(m, loginfo, skb); 923 922

+1 -1

net/netfilter/nf_queue.c

··· 84 84 const struct sk_buff *skb = entry->skb; 85 85 86 86 if (nf_bridge_info_exists(skb)) { 87 - entry->physin = nf_bridge_get_physindev(skb); 87 + entry->physin = nf_bridge_get_physindev(skb, entry->state.net); 88 88 entry->physout = nf_bridge_get_physoutdev(skb); 89 89 } else { 90 90 entry->physin = NULL;

+1 -1

net/netfilter/xt_physdev.c

··· 59 59 (!!outdev ^ !(info->invert & XT_PHYSDEV_OP_BRIDGED))) 60 60 return false; 61 61 62 - physdev = nf_bridge_get_physindev(skb); 62 + physdev = nf_bridge_get_physindev(skb, xt_net(par)); 63 63 indev = physdev ? physdev->name : NULL; 64 64 65 65 if ((info->bitmask & XT_PHYSDEV_OP_ISIN &&