1. 15 Apr, 2010 2 commits
    • Bart De Schuymer's avatar
      netfilter: bridge-netfilter: Fix MAC header handling with IP DNAT · e179e632
      Bart De Schuymer authored
      - fix IP DNAT on vlan- or pppoe-encapsulated traffic: The functions
      neigh_hh_output() or dst->neighbour->output() overwrite the complete
      Ethernet header, although we only need the destination MAC address.
      For encapsulated packets, they ended up overwriting the encapsulating
      header. The new code copies the Ethernet source MAC address and
      protocol number before calling dst->neighbour->output(). The Ethernet
      source MAC and protocol number are copied back in place in
      br_nf_pre_routing_finish_bridge_slow(). This also makes the IP DNAT
      more transparent because in the old scheme the source MAC of the
      bridge was copied into the source address in the Ethernet header. We
      also let skb->protocol equal ETH_P_IP resp. ETH_P_IPV6 during the
      execution of the PF_INET resp. PF_INET6 hooks.
      
      - Speed up IP DNAT by calling neigh_hh_bridge() instead of
      neigh_hh_output(): if dst->hh is available, we already know the MAC
      address so we can just copy it.
      Signed-off-by: default avatarBart De Schuymer <bdschuym@pandora.be>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      e179e632
    • Bart De Schuymer's avatar
      netfilter: bridge-netfilter: simplify IP DNAT · ea2d9b41
      Bart De Schuymer authored
      Remove br_netfilter.c::br_nf_local_out(). The function
      br_nf_local_out() was needed because the PF_BRIDGE::LOCAL_OUT hook
      could be called when IP DNAT happens on to-be-bridged traffic. The
      new scheme eliminates this mess.
      Signed-off-by: default avatarBart De Schuymer <bdschuym@pandora.be>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      ea2d9b41
  2. 13 Apr, 2010 7 commits
  3. 09 Apr, 2010 2 commits
  4. 08 Apr, 2010 4 commits
  5. 01 Apr, 2010 3 commits
  6. 25 Mar, 2010 21 commits
  7. 19 Mar, 2010 1 commit