summaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorMichael Milner <milner@blissisland.ca>2007-04-12 22:14:23 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>2007-04-25 22:28:57 -0700
commit516299d2f5b6f9703b9b388faf91898dc636a678 (patch)
tree909b7003188f0f100e0782c9620515e39cba1603 /include/linux
parent91d73c15cb165195bc8c3d6a35e30df454b1485b (diff)
downloadlinux-516299d2f5b6f9703b9b388faf91898dc636a678.tar.gz
linux-516299d2f5b6f9703b9b388faf91898dc636a678.tar.bz2
linux-516299d2f5b6f9703b9b388faf91898dc636a678.zip
[NETFILTER]: bridge-nf: filter bridged IPv4/IPv6 encapsulated in pppoe traffic
The attached patch by Michael Milner adds support for using iptables and ip6tables on bridged traffic encapsulated in ppoe frames, similar to what's already supported for vlan. Signed-off-by: Michael Milner <milner@blissisland.ca> Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/if_pppox.h3
-rw-r--r--include/linux/netfilter_bridge.h11
-rw-r--r--include/linux/sysctl.h1
3 files changed, 13 insertions, 2 deletions
diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h
index 29d6579ff1a0..6f987be60fe2 100644
--- a/include/linux/if_pppox.h
+++ b/include/linux/if_pppox.h
@@ -111,6 +111,9 @@ struct pppoe_hdr {
struct pppoe_tag tag[0];
} __attribute__ ((packed));
+/* Length of entire PPPoE + PPP header */
+#define PPPOE_SES_HLEN 8
+
#ifdef __KERNEL__
#include <linux/skbuff.h>
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 55689f39f77a..19060030bac9 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -7,6 +7,7 @@
#include <linux/netfilter.h>
#include <linux/if_ether.h>
#include <linux/if_vlan.h>
+#include <linux/if_pppox.h>
/* Bridge Hooks */
/* After promisc drops, checksum checks. */
@@ -58,8 +59,14 @@ static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
* enough room for the encapsulating header (if there is one). */
static inline int nf_bridge_pad(const struct sk_buff *skb)
{
- return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
- ? VLAN_HLEN : 0;
+ int padding = 0;
+
+ if (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
+ padding = VLAN_HLEN;
+ else if (skb->nf_bridge && skb->protocol == htons(ETH_P_PPP_SES))
+ padding = PPPOE_SES_HLEN;
+
+ return padding;
}
struct bridge_skb_cb {
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index df2d9ed20a4e..47f1c53332ce 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -792,6 +792,7 @@ enum {
NET_BRIDGE_NF_CALL_IPTABLES = 2,
NET_BRIDGE_NF_CALL_IP6TABLES = 3,
NET_BRIDGE_NF_FILTER_VLAN_TAGGED = 4,
+ NET_BRIDGE_NF_FILTER_PPPOE_TAGGED = 5,
};
/* CTL_FS names: */