| 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
|---|
| 2 | /* |
|---|
| 3 | * Handle firewalling core |
|---|
| 4 | * Linux ethernet bridge |
|---|
| 5 | * |
|---|
| 6 | * Authors: |
|---|
| 7 | * Lennert Buytenhek <buytenh@gnu.org> |
|---|
| 8 | * Bart De Schuymer <bdschuym@pandora.be> |
|---|
| 9 | * |
|---|
| 10 | * Lennert dedicates this file to Kerstin Wurdinger. |
|---|
| 11 | */ |
|---|
| 12 | |
|---|
| 13 | #include <linux/module.h> |
|---|
| 14 | #include <linux/kernel.h> |
|---|
| 15 | #include <linux/in_route.h> |
|---|
| 16 | #include <linux/inetdevice.h> |
|---|
| 17 | #include <net/route.h> |
|---|
| 18 | |
|---|
| 19 | #include "br_private.h" |
|---|
| 20 | #ifdef CONFIG_SYSCTL |
|---|
| 21 | #include <linux/sysctl.h> |
|---|
| 22 | #endif |
|---|
| 23 | |
|---|
| 24 | static void fake_update_pmtu(struct dst_entry *dst, struct sock *sk, |
|---|
| 25 | struct sk_buff *skb, u32 mtu, |
|---|
| 26 | bool confirm_neigh) |
|---|
| 27 | { |
|---|
| 28 | } |
|---|
| 29 | |
|---|
| 30 | static void fake_redirect(struct dst_entry *dst, struct sock *sk, |
|---|
| 31 | struct sk_buff *skb) |
|---|
| 32 | { |
|---|
| 33 | } |
|---|
| 34 | |
|---|
| 35 | static u32 *fake_cow_metrics(struct dst_entry *dst, unsigned long old) |
|---|
| 36 | { |
|---|
| 37 | return NULL; |
|---|
| 38 | } |
|---|
| 39 | |
|---|
| 40 | static struct neighbour *fake_neigh_lookup(const struct dst_entry *dst, |
|---|
| 41 | struct sk_buff *skb, |
|---|
| 42 | const void *daddr) |
|---|
| 43 | { |
|---|
| 44 | return NULL; |
|---|
| 45 | } |
|---|
| 46 | |
|---|
| 47 | static unsigned int fake_mtu(const struct dst_entry *dst) |
|---|
| 48 | { |
|---|
| 49 | return dst->dev->mtu; |
|---|
| 50 | } |
|---|
| 51 | |
|---|
| 52 | static struct dst_ops fake_dst_ops = { |
|---|
| 53 | .family = AF_INET, |
|---|
| 54 | .update_pmtu = fake_update_pmtu, |
|---|
| 55 | .redirect = fake_redirect, |
|---|
| 56 | .cow_metrics = fake_cow_metrics, |
|---|
| 57 | .neigh_lookup = fake_neigh_lookup, |
|---|
| 58 | .mtu = fake_mtu, |
|---|
| 59 | }; |
|---|
| 60 | |
|---|
| 61 | /* |
|---|
| 62 | * Initialize bogus route table used to keep netfilter happy. |
|---|
| 63 | * Currently, we fill in the PMTU entry because netfilter |
|---|
| 64 | * refragmentation needs it, and the rt_flags entry because |
|---|
| 65 | * ipt_REJECT needs it. Future netfilter modules might |
|---|
| 66 | * require us to fill additional fields. |
|---|
| 67 | */ |
|---|
| 68 | static const u32 br_dst_default_metrics[RTAX_MAX] = { |
|---|
| 69 | [RTAX_MTU - 1] = 1500, |
|---|
| 70 | }; |
|---|
| 71 | |
|---|
| 72 | void br_netfilter_rtable_init(struct net_bridge *br) |
|---|
| 73 | { |
|---|
| 74 | struct rtable *rt = &br->fake_rtable; |
|---|
| 75 | |
|---|
| 76 | rcuref_init(ref: &rt->dst.__rcuref, cnt: 1); |
|---|
| 77 | rt->dst.dev = br->dev; |
|---|
| 78 | dst_init_metrics(dst: &rt->dst, src_metrics: br_dst_default_metrics, read_only: true); |
|---|
| 79 | rt->dst.flags = DST_NOXFRM | DST_FAKE_RTABLE; |
|---|
| 80 | rt->dst.ops = &fake_dst_ops; |
|---|
| 81 | } |
|---|
| 82 | |
|---|
| 83 | int __init br_nf_core_init(void) |
|---|
| 84 | { |
|---|
| 85 | return dst_entries_init(dst: &fake_dst_ops); |
|---|
| 86 | } |
|---|
| 87 | |
|---|
| 88 | void br_nf_core_fini(void) |
|---|
| 89 | { |
|---|
| 90 | dst_entries_destroy(dst: &fake_dst_ops); |
|---|
| 91 | } |
|---|
| 92 | |
|---|
