netfilter: bridge: neigh_head and physoutdev can't be used at same time
authorFlorian Westphal <fw@strlen.de>
Sun, 3 May 2015 20:05:28 +0000 (22:05 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 14 May 2015 10:43:48 +0000 (12:43 +0200)
The neigh_header is only needed when we detect DNAT after prerouting
and neigh cache didn't have a mac address for us.

The output port has not been chosen yet so we can re-use the storage
area, bringing struct size down to 32 bytes on x86_64.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/skbuff.h
net/bridge/br_netfilter.c

index c0b574a414e7593d6af993637f944b42f70a454e..3d932e64125af3a296d0a58c05de3c8b8178aeed 100644 (file)
@@ -170,12 +170,14 @@ struct nf_bridge_info {
                BRNF_PROTO_UNCHANGED,
                BRNF_PROTO_8021Q,
                BRNF_PROTO_PPPOE
-       } orig_proto;
+       } orig_proto:8;
        bool                    pkt_otherhost;
        unsigned int            mask;
        struct net_device       *physindev;
-       struct net_device       *physoutdev;
-       char                    neigh_header[8];
+       union {
+               struct net_device *physoutdev;
+               char neigh_header[8];
+       };
 };
 #endif
 
index ab55e2472beb0e44dece07e327f2e0eb8d3f502c..13973da29b2a3a0ed305cc5b4ebd33a95593357e 100644 (file)
@@ -973,6 +973,8 @@ static void br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb)
                                       nf_bridge->neigh_header,
                                       ETH_HLEN - ETH_ALEN);
        skb->dev = nf_bridge->physindev;
+
+       nf_bridge->physoutdev = NULL;
        br_handle_frame_finish(NULL, skb);
 }