|
|
@@ -905,46 +905,62 @@ static unsigned int ip_sabotage_in(unsigned int hook, struct sk_buff *skb,
|
|
|
* For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because
|
|
|
* ip_refrag() can return NF_STOLEN. */
|
|
|
static struct nf_hook_ops br_nf_ops[] __read_mostly = {
|
|
|
- { .hook = br_nf_pre_routing,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_BRIDGE,
|
|
|
- .hooknum = NF_BR_PRE_ROUTING,
|
|
|
- .priority = NF_BR_PRI_BRNF, },
|
|
|
- { .hook = br_nf_local_in,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_BRIDGE,
|
|
|
- .hooknum = NF_BR_LOCAL_IN,
|
|
|
- .priority = NF_BR_PRI_BRNF, },
|
|
|
- { .hook = br_nf_forward_ip,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_BRIDGE,
|
|
|
- .hooknum = NF_BR_FORWARD,
|
|
|
- .priority = NF_BR_PRI_BRNF - 1, },
|
|
|
- { .hook = br_nf_forward_arp,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_BRIDGE,
|
|
|
- .hooknum = NF_BR_FORWARD,
|
|
|
- .priority = NF_BR_PRI_BRNF, },
|
|
|
- { .hook = br_nf_local_out,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_BRIDGE,
|
|
|
- .hooknum = NF_BR_LOCAL_OUT,
|
|
|
- .priority = NF_BR_PRI_FIRST, },
|
|
|
- { .hook = br_nf_post_routing,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_BRIDGE,
|
|
|
- .hooknum = NF_BR_POST_ROUTING,
|
|
|
- .priority = NF_BR_PRI_LAST, },
|
|
|
- { .hook = ip_sabotage_in,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_INET,
|
|
|
- .hooknum = NF_INET_PRE_ROUTING,
|
|
|
- .priority = NF_IP_PRI_FIRST, },
|
|
|
- { .hook = ip_sabotage_in,
|
|
|
- .owner = THIS_MODULE,
|
|
|
- .pf = PF_INET6,
|
|
|
- .hooknum = NF_INET_PRE_ROUTING,
|
|
|
- .priority = NF_IP6_PRI_FIRST, },
|
|
|
+ {
|
|
|
+ .hook = br_nf_pre_routing,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_BRIDGE,
|
|
|
+ .hooknum = NF_BR_PRE_ROUTING,
|
|
|
+ .priority = NF_BR_PRI_BRNF,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .hook = br_nf_local_in,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_BRIDGE,
|
|
|
+ .hooknum = NF_BR_LOCAL_IN,
|
|
|
+ .priority = NF_BR_PRI_BRNF,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .hook = br_nf_forward_ip,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_BRIDGE,
|
|
|
+ .hooknum = NF_BR_FORWARD,
|
|
|
+ .priority = NF_BR_PRI_BRNF - 1,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .hook = br_nf_forward_arp,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_BRIDGE,
|
|
|
+ .hooknum = NF_BR_FORWARD,
|
|
|
+ .priority = NF_BR_PRI_BRNF,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .hook = br_nf_local_out,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_BRIDGE,
|
|
|
+ .hooknum = NF_BR_LOCAL_OUT,
|
|
|
+ .priority = NF_BR_PRI_FIRST,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .hook = br_nf_post_routing,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_BRIDGE,
|
|
|
+ .hooknum = NF_BR_POST_ROUTING,
|
|
|
+ .priority = NF_BR_PRI_LAST,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .hook = ip_sabotage_in,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_INET,
|
|
|
+ .hooknum = NF_INET_PRE_ROUTING,
|
|
|
+ .priority = NF_IP_PRI_FIRST,
|
|
|
+ },
|
|
|
+ {
|
|
|
+ .hook = ip_sabotage_in,
|
|
|
+ .owner = THIS_MODULE,
|
|
|
+ .pf = PF_INET6,
|
|
|
+ .hooknum = NF_INET_PRE_ROUTING,
|
|
|
+ .priority = NF_IP6_PRI_FIRST,
|
|
|
+ },
|
|
|
};
|
|
|
|
|
|
#ifdef CONFIG_SYSCTL
|
Cyrill Gorcunov