git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 2 Apr 2015 12:31:40 +0000 (14:31 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 8 Apr 2015 14:49:07 +0000 (16:49 +0200)
commit	b1782b543d5983f64d15d77e271558e20e0384c8
tree	9350ff40e25b7a7a3c096b5463441d7782c750de	tree \| snapshot
parent	0af2a326dc151d0627aecc967b2cd0c878c5d29e	commit \| diff

netfilter: bridge: don't use nf_bridge_info data to store mac header

br_netfilter maintains an extra state, nf_bridge_info, which is attached
to skb via skb->nf_bridge pointer.

Amongst other things we use skb->nf_bridge->data to store the original
mac header for every processed skb.

This is required for ip refragmentation when using conntrack
on top of bridge, because ip_fragment doesn't copy it from original skb.

However there is no need anymore to do this unconditionally.

Move this to the one place where its needed -- when br_netfilter calls
ip_fragment().

Also switch to percpu storage for this so we can handle fragmenting
without accessing nf_bridge meta data.

Only user left is neigh resolution when DNAT is detected, to hold
the original source mac address (neigh resolution builds new mac header
using bridge mac), so rename ->data and reduce its size to whats needed.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/skbuff.h		diff \| blob \| history
net/bridge/br_netfilter.c		diff \| blob \| history