// SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Handle firewalling core
 *	Linux ethernet bridge
 *
 *	Authors:
 *	Lennert Buytenhek		<buytenh@gnu.org>
 *	Bart De Schuymer		<bdschuym@pandora.be>
 *
 *	Lennert dedicates this file to Kerstin Wurdinger.
 */

#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/in_route.h>
#include <linux/inetdevice.h>
#include <net/route.h>

#include "br_private.h"
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif

/*
 * Callbacks for the bridge's placeholder dst entry.
 *
 * Each hook below is a stub: it either does nothing or returns NULL.
 * NOTE(review): presumably they are all populated so that generic dst
 * code invoking a hook through dst->ops always finds a function to call;
 * confirm against the callers before removing any of them.
 */

/* PMTU update hook: intentionally empty, the request is ignored. */
static void fake_update_pmtu(struct dst_entry *dst, struct sock *sk,
			     struct sk_buff *skb, u32 mtu,
			     bool confirm_neigh)
{
}

/* Redirect hook: intentionally empty, the request is ignored. */
static void fake_redirect(struct dst_entry *dst, struct sock *sk,
			  struct sk_buff *skb)
{
}

/*
 * Copy-on-write hook for the metrics array: always answers NULL, so this
 * function never hands out a writable metrics copy.
 */
static u32 *fake_cow_metrics(struct dst_entry *dst, unsigned long old)
{
	return NULL;
}

/* Neighbour lookup hook: always answers NULL (no neighbour entry). */
static struct neighbour *fake_neigh_lookup(const struct dst_entry *dst,
					   struct sk_buff *skb,
					   const void *daddr)
{
	return NULL;
}

/* MTU hook: report the MTU of the device attached to the dst entry. */
static unsigned int fake_mtu(const struct dst_entry *dst)
{
	const struct net_device *dev = dst->dev;

	return dev->mtu;
}

/* Operations table wired into every bridge's placeholder route. */
static struct dst_ops fake_dst_ops = {
	.family		= AF_INET,
	.mtu		= fake_mtu,
	.update_pmtu	= fake_update_pmtu,
	.redirect	= fake_redirect,
	.cow_metrics	= fake_cow_metrics,
	.neigh_lookup	= fake_neigh_lookup,
};

/*
 * Default metrics for the bogus route table that keeps netfilter happy.
 *
 * Only the PMTU slot is filled in, because netfilter refragmentation
 * needs it. The original note also names the rt_flags entry as required
 * by ipt_REJECT, and warns that future netfilter modules might require
 * additional fields to be filled.
 * NOTE(review): no assignment to rt_flags is visible in this file; it
 * presumably relies on the enclosing structure being zeroed - confirm.
 *
 * The array is const and shared by every bridge.
 */
static const u32 br_dst_default_metrics[RTAX_MAX] = {
	[RTAX_MTU - 1] = 1500,
};

/*
 * Set up the placeholder route embedded in @br.
 *
 * The rtable is a member of struct net_bridge rather than a separate
 * allocation, and its reference count starts at 1.
 * NOTE(review): since the storage belongs to the bridge, anything still
 * holding this dst must be gone before the bridge is freed - verify how
 * the teardown path guarantees that.
 */
void br_netfilter_rtable_init(struct net_bridge *br)
{
	struct dst_entry *dst = &br->fake_rtable.dst;

	rcuref_init(&dst->__rcuref, 1);
	dst->dev = br->dev;
	dst->ops = &fake_dst_ops;
	/*
	 * DST_FAKE_RTABLE labels this entry as the bridge's placeholder.
	 * NOTE(review): consumers that read routing fields are expected to
	 * test for it - confirm at the use sites.
	 */
	dst->flags = DST_NOXFRM | DST_FAKE_RTABLE;
	/* Final argument marks the shared default metrics as read-only. */
	dst_init_metrics(dst, br_dst_default_metrics, true);
}

/* Boot-time setup: passes back the result of dst_entries_init(). */
int __init br_nf_core_init(void)
{
	int err = dst_entries_init(&fake_dst_ops);

	return err;
}

/* Undo br_nf_core_init() by releasing the entry accounting of the ops. */
void br_nf_core_fini(void)
{
	dst_entries_destroy(&fake_dst_ops);
}