Fix the VLAN macros in bridge netfilter code. Macros should
not depend on magic variables.

Signed-off-by: Stephen Hemminger <[EMAIL PROTECTED]>

Index: net-2.6.17/net/bridge/br_netfilter.c
===================================================================
--- net-2.6.17.orig/net/bridge/br_netfilter.c
+++ net-2.6.17/net/bridge/br_netfilter.c
@@ -61,15 +61,25 @@ static int brnf_filter_vlan_tagged = 1;
 #define brnf_filter_vlan_tagged 1
 #endif
 
-#define IS_VLAN_IP (skb->protocol == htons(ETH_P_8021Q) &&    \
-       hdr->h_vlan_encapsulated_proto == htons(ETH_P_IP) &&  \
-       brnf_filter_vlan_tagged)
-#define IS_VLAN_IPV6 (skb->protocol == htons(ETH_P_8021Q) &&    \
-       hdr->h_vlan_encapsulated_proto == htons(ETH_P_IPV6) &&  \
-       brnf_filter_vlan_tagged)
-#define IS_VLAN_ARP (skb->protocol == htons(ETH_P_8021Q) &&   \
-       hdr->h_vlan_encapsulated_proto == htons(ETH_P_ARP) && \
-       brnf_filter_vlan_tagged)
+static __be16 inline vlan_proto(const struct sk_buff *skb)
+{
+       return vlan_eth_hdr(skb)->h_vlan_encapsulated_proto;
+}
+
+#define IS_VLAN_IP(skb) \
+       (skb->protocol == htons(ETH_P_8021Q) && \
+        vlan_proto(skb) == htons(ETH_P_IP) &&  \
+        brnf_filter_vlan_tagged)
+
+#define IS_VLAN_IPV6(skb) \
+       (skb->protocol == htons(ETH_P_8021Q) && \
+        vlan_proto(skb) == htons(ETH_P_IPV6) &&\
+        brnf_filter_vlan_tagged)
+
+#define IS_VLAN_ARP(skb) \
+       (skb->protocol == htons(ETH_P_8021Q) && \
+        vlan_proto(skb) == htons(ETH_P_ARP) && \
+        brnf_filter_vlan_tagged)
 
 /* We need these fake structures to make netfilter happy --
  * lots of places assume that skb->dst != NULL, which isn't
@@ -419,9 +429,8 @@ static unsigned int br_nf_pre_routing(un
        __u32 len;
        struct sk_buff *skb = *pskb;
        struct nf_bridge_info *nf_bridge;
-       struct vlan_ethhdr *hdr = vlan_eth_hdr(*pskb);
 
-       if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6) {
+       if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb)) {
 #ifdef CONFIG_SYSCTL
                if (!brnf_call_ip6tables)
                        return NF_ACCEPT;
@@ -440,7 +449,7 @@ static unsigned int br_nf_pre_routing(un
                return NF_ACCEPT;
 #endif
 
-       if (skb->protocol != htons(ETH_P_IP) && !IS_VLAN_IP)
+       if (skb->protocol != htons(ETH_P_IP) && !IS_VLAN_IP(skb))
                return NF_ACCEPT;
 
        if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL)
@@ -521,9 +530,8 @@ static int br_nf_forward_finish(struct s
 {
        struct nf_bridge_info *nf_bridge = skb->nf_bridge;
        struct net_device *in;
-       struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
 
-       if (skb->protocol != htons(ETH_P_ARP) && !IS_VLAN_ARP) {
+       if (skb->protocol != htons(ETH_P_ARP) && !IS_VLAN_ARP(skb)) {
                in = nf_bridge->physindev;
                if (nf_bridge->mask & BRNF_PKT_TYPE) {
                        skb->pkt_type = PACKET_OTHERHOST;
@@ -553,7 +561,6 @@ static unsigned int br_nf_forward_ip(uns
 {
        struct sk_buff *skb = *pskb;
        struct nf_bridge_info *nf_bridge;
-       struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
        struct net_device *parent;
        int pf;
 
@@ -564,7 +571,7 @@ static unsigned int br_nf_forward_ip(uns
        if (!parent)
                return NF_DROP;
 
-       if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP)
+       if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
                pf = PF_INET;
        else
                pf = PF_INET6;
@@ -596,7 +603,6 @@ static unsigned int br_nf_forward_arp(un
                                      int (*okfn)(struct sk_buff *))
 {
        struct sk_buff *skb = *pskb;
-       struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
        struct net_device **d = (struct net_device **)(skb->cb);
 
 #ifdef CONFIG_SYSCTL
@@ -605,14 +611,14 @@ static unsigned int br_nf_forward_arp(un
 #endif
 
        if (skb->protocol != htons(ETH_P_ARP)) {
-               if (!IS_VLAN_ARP)
+               if (!IS_VLAN_ARP(skb))
                        return NF_ACCEPT;
                skb_pull(*pskb, VLAN_HLEN);
                (*pskb)->nh.raw += VLAN_HLEN;
        }
 
        if (skb->nh.arph->ar_pln != 4) {
-               if (IS_VLAN_ARP) {
+               if (IS_VLAN_ARP(skb)) {
                        skb_push(*pskb, VLAN_HLEN);
                        (*pskb)->nh.raw -= VLAN_HLEN;
                }
@@ -667,13 +673,12 @@ static unsigned int br_nf_local_out(unsi
        struct net_device *realindev, *realoutdev;
        struct sk_buff *skb = *pskb;
        struct nf_bridge_info *nf_bridge;
-       struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
        int pf;
 
        if (!skb->nf_bridge)
                return NF_ACCEPT;
 
-       if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP)
+       if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
                pf = PF_INET;
        else
                pf = PF_INET6;
@@ -752,7 +757,6 @@ static unsigned int br_nf_post_routing(u
 {
        struct sk_buff *skb = *pskb;
        struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge;
-       struct vlan_ethhdr *hdr = vlan_eth_hdr(skb);
        struct net_device *realoutdev = bridge_parent(skb->dev);
        int pf;
 
@@ -772,7 +776,7 @@ static unsigned int br_nf_post_routing(u
        if (!realoutdev)
                return NF_DROP;
 
-       if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP)
+       if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb))
                pf = PF_INET;
        else
                pf = PF_INET6;

--

-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to