AC_SUBST(HAVE_ETHER_ADDR_COPY, undef)
fi
+AC_MSG_CHECKING([kernel source for nf_bridge_get_physindev])
+if test -f $ksourcedir/include/linux/netfilter_bridge.h && \
+ $GREP -q 'nf_bridge_get_physindev' $ksourcedir/include/linux/netfilter_bridge.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_NF_BRIDGE_GET_PHYSDEV, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_NF_BRIDGE_GET_PHYSDEV, undef)
+fi
+
AC_MSG_CHECKING([kernel source for struct net_generic])
if test -f $ksourcedir/include/net/netns/generic.h && \
$GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then
#@HAVE_LIST_LAST_ENTRY@ HAVE_LIST_LAST_ENTRY
#@HAVE_LIST_NEXT_ENTRY@ HAVE_LIST_NEXT_ENTRY
#@HAVE_ETHER_ADDR_COPY@ HAVE_ETHER_ADDR_COPY
+#@HAVE_NF_BRIDGE_GET_PHYSDEV@ HAVE_NF_BRIDGE_GET_PHYSDEV
/* Not everything could be moved here. Compatibility stuffs can be found in
* xt_set.c, ip_set_core.c, ip_set_getport.c, pfxlen.c too.
#define ether_addr_copy(dst, src) memcpy(dst, src, ETH_ALEN)
#endif
+#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
+#ifndef HAVE_NF_BRIDGE_GET_PHYSDEV
+static inline struct net_device *
+nf_bridge_get_physindev(const struct sk_buff *skb)
+{
+ return skb->nf_bridge ? skb->nf_bridge->physindev : NULL;
+}
+
+static inline struct net_device *
+nf_bridge_get_physoutdev(const struct sk_buff *skb)
+{
+ return skb->nf_bridge ? skb->nf_bridge->physoutdev : NULL;
+}
+#endif
+#endif
+
#ifndef smp_mb__before_atomic
#define smp_mb__before_atomic() smp_mb()
#define smp_mb__after_atomic() smp_mb()
#include <net/netlink.h>
#include <linux/netfilter.h>
+#include <linux/netfilter_bridge.h>
#include <linux/netfilter/ipset/pfxlen.h>
#include <linux/netfilter/ipset/ip_set.h>
#include <linux/netfilter/ipset/ip_set_hash.h>
#define HKEY_DATALEN sizeof(struct hash_netiface4_elem_hashed)
#include "ip_set_hash_gen.h"
+#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
+static const char *get_physindev_name(const struct sk_buff *skb)
+{
+ struct net_device *dev = nf_bridge_get_physindev(skb);
+
+ return dev ? dev->name : NULL;
+}
+
+static const char *get_physoutdev_name(const struct sk_buff *skb)
+{
+ struct net_device *dev = nf_bridge_get_physoutdev(skb);
+
+ return dev ? dev->name : NULL;
+}
+#endif
+
static int
hash_netiface4_kadt(struct ip_set *set, const struct sk_buff *skb,
const struct xt_action_param *par,
e.ip &= ip_set_netmask(e.cidr);
#define IFACE(dir) (par->dir ? par->dir->name : "")
-#define PHYSDEV(dir) (nf_bridge->dir ? nf_bridge->dir->name : "")
#define SRCDIR (opt->flags & IPSET_DIM_TWO_SRC)
if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
- const struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ const char *eiface = SRCDIR ? get_physindev_name(skb) :
+ get_phyoutdev_name(skb);
- if (!nf_bridge)
+ if (!eiface)
return -EINVAL;
- STRLCPY(e.iface,
- SRCDIR ? PHYSDEV(physindev) : PHYSDEV(physoutdev));
+ STRLCPY(e.iface, eiface);
e.physdev = 1;
#endif
} else {
if (opt->cmdflags & IPSET_FLAG_PHYSDEV) {
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
- const struct nf_bridge_info *nf_bridge = skb->nf_bridge;
+ const char *eiface = SRCDIR ? get_physindev_name(skb) :
+ get_phyoutdev_name(skb);
- if (!nf_bridge)
+ if (!eiface)
return -EINVAL;
- STRLCPY(e.iface,
- SRCDIR ? PHYSDEV(physindev) : PHYSDEV(physoutdev));
+ STRLCPY(e.iface, eiface);
e.physdev = 1;
#endif
} else {