diff options
author | Bart De Schuymer <bdschuym@pandora.be> | 2010-04-15 12:14:51 +0200 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-04-15 12:14:51 +0200 |
commit | ea2d9b41bd418894d1ee25de1642c3325d71c397 (patch) | |
tree | e8187786c8d83123da104476fc0eb7132ec29045 /net/bridge/br_device.c | |
parent | netfilter: ipv6: add IPSKB_REROUTED exclusion to NF_HOOK/POSTROUTING invocation (diff) | |
download | linux-ea2d9b41bd418894d1ee25de1642c3325d71c397.tar.xz linux-ea2d9b41bd418894d1ee25de1642c3325d71c397.zip |
netfilter: bridge-netfilter: simplify IP DNAT
Remove br_netfilter.c::br_nf_local_out(). The function
br_nf_local_out() was needed because the PF_BRIDGE::LOCAL_OUT hook
could be called when IP DNAT happens on to-be-bridged traffic. The
new scheme eliminates this mess.
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge/br_device.c')
-rw-r--r-- | net/bridge/br_device.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c index 5b8a6e73b02f..007bde87415d 100644 --- a/net/bridge/br_device.c +++ b/net/bridge/br_device.c @@ -15,7 +15,7 @@ #include <linux/netdevice.h> #include <linux/etherdevice.h> #include <linux/ethtool.h> - +#include <linux/netfilter_bridge.h> #include <asm/uaccess.h> #include "br_private.h" @@ -28,6 +28,13 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev) struct net_bridge_mdb_entry *mdst; struct br_cpu_netstats *brstats = this_cpu_ptr(br->stats); +#ifdef CONFIG_BRIDGE_NETFILTER + if (skb->nf_bridge && (skb->nf_bridge->mask & BRNF_BRIDGED_DNAT)) { + br_nf_pre_routing_finish_bridge_slow(skb); + return NETDEV_TX_OK; + } +#endif + brstats->tx_packets++; brstats->tx_bytes += skb->len; |