summaryrefslogtreecommitdiff
path: root/include/linux
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2015-04-02 15:31:40 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2015-04-08 17:49:07 +0300
commite70deecbf8e1562cac0b19f23848919e2f5d65aa (patch)
tree9350ff40e25b7a7a3c096b5463441d7782c750de /include/linux
parentd64d80a2cde94f3e89caebd27240be419fec5b81 (diff)
downloadlinux-e70deecbf8e1562cac0b19f23848919e2f5d65aa.tar.xz
netfilter: bridge: don't use nf_bridge_info data to store mac header
br_netfilter maintains an extra state, nf_bridge_info, which is attached to skb via skb->nf_bridge pointer. Amongst other things we use skb->nf_bridge->data to store the original mac header for every processed skb. This is required for ip refragmentation when using conntrack on top of bridge, because ip_fragment doesn't copy it from original skb. However there is no need anymore to do this unconditionally. Move this to the one place where its needed -- when br_netfilter calls ip_fragment(). Also switch to percpu storage for this so we can handle fragmenting without accessing nf_bridge meta data. Only user left is neigh resolution when DNAT is detected, to hold the original source mac address (neigh resolution builds new mac header using bridge mac), so rename ->data and reduce its size to whats needed. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/skbuff.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 36f3f43c0117..f66a089afc41 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -169,7 +169,7 @@ struct nf_bridge_info {
unsigned int mask;
struct net_device *physindev;
struct net_device *physoutdev;
- unsigned long data[32 / sizeof(unsigned long)];
+ char neigh_header[8];
};
#endif