/* Obtain the correct destination MAC address, while preserving the original
* source MAC address. If we already know this address, we just copy it. If we
* don't, we use the neighbour framework to find out. In both cases, we make
* sure that br_handle_frame_finish() is called afterwards.
*/
static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb)
{
struct nf_bridge_info *nf_bridge = skb->nf_bridge;
struct neighbour *neigh;
struct dst_entry *dst;
skb->dev = bridge_parent(skb->dev);
if (!skb->dev)
goto free_skb;
dst = skb_dst(skb);
neigh = dst_get_neighbour_noref(dst);
if (neigh->hh.hh_len) {
neigh_hh_bridge(&neigh->hh, skb);
skb->dev = nf_bridge->physindev;
return br_handle_frame_finish(skb);
} else {
/* the neighbour function below overwrites the complete
* MAC header, so we save the Ethernet source address and
* protocol number. */
skb_copy_from_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), skb->nf_bridge->data, ETH_HLEN-ETH_ALEN);
/* tell br_dev_xmit to continue with forwarding */
nf_bridge->mask |= BRNF_BRIDGED_DNAT;
return neigh->output(neigh, skb);
}
free_skb:
kfree_skb(skb);
return 0;
}
static int ip6_finish_output2(struct sk_buff *skb)
{
struct dst_entry *dst = skb_dst(skb);
struct net_device *dev = dst->dev;
struct neighbour *neigh;
#if !defined(CONFIG_IMQ) && !defined(CONFIG_IMQ_MODULE)
skb->protocol = htons(ETH_P_IPV6);
skb->dev = dev;
#endif
if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) &&
((mroute6_socket(dev_net(dev), skb) &&
!(IP6CB(skb)->flags & IP6SKB_FORWARDED)) ||
ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr,
&ipv6_hdr(skb)->saddr))) {
struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
/* Do not check for IFF_ALLMULTI; multicast routing
is not supported in any case.
*/
if (newskb)
NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING,
newskb, NULL, newskb->dev,
ip6_dev_loopback_xmit);
if (ipv6_hdr(skb)->hop_limit == 0) {
IP6_INC_STATS(dev_net(dev), idev,
IPSTATS_MIB_OUTDISCARDS);
kfree_skb(skb);
return 0;
}
}
IP6_UPD_PO_STATS(dev_net(dev), idev, IPSTATS_MIB_OUTMCAST,
skb->len);
}
rcu_read_lock();
neigh = dst_get_neighbour_noref(dst);
if (neigh) {
int res = neigh_output(neigh, skb);
rcu_read_unlock();
return res;
}
rcu_read_unlock();
IP6_INC_STATS(dev_net(dst->dev),
ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
kfree_skb(skb);
return -EINVAL;
}
/*
* sfe_cm_find_dev_and_mac_addr()
* Find the device and MAC address for a given IPv4 address.
*
* Returns true if we find the device and MAC address, otherwise false.
*
* We look up the rtable entry for the address and, from its neighbour
* structure, obtain the hardware address. This means this function also
* works if the neighbours are routers too.
*/
static bool sfe_cm_find_dev_and_mac_addr(uint32_t addr, struct net_device **dev, uint8_t *mac_addr)
{
struct neighbour *neigh;
struct rtable *rt;
struct dst_entry *dst;
struct net_device *mac_dev;
/*
* Look up the rtable entry for the IP address then get the hardware
* address from its neighbour structure. This means this work when the
* neighbours are routers too.
*/
rt = ip_route_output(&init_net, addr, 0, 0, 0);
if (unlikely(IS_ERR(rt))) {
return false;
}
dst = (struct dst_entry *)rt;
rcu_read_lock();
neigh = dst_get_neighbour_noref(dst);
if (unlikely(!neigh)) {
rcu_read_unlock();
dst_release(dst);
return false;
}
if (unlikely(!(neigh->nud_state & NUD_VALID))) {
rcu_read_unlock();
dst_release(dst);
return false;
}
mac_dev = neigh->dev;
if (!mac_dev) {
rcu_read_unlock();
dst_release(dst);
return false;
}
memcpy(mac_addr, neigh->ha, (size_t)mac_dev->addr_len);
dev_hold(mac_dev);
*dev = mac_dev;
rcu_read_unlock();
dst_release(dst);
return true;
}
struct net_device *dev,
struct netdev_queue *txq)
{
struct dst_entry *dst = skb_dst(skb);
struct neighbour *mn;
int res;
if (txq->qdisc == &noop_qdisc)
return -ENODEV;
if (!dev->header_ops || !dst)
return 0;
rcu_read_lock();
<<<<<<< HEAD
mn = dst_get_neighbour_noref(dst);
=======
<<<<<<< HEAD
mn = dst_get_neighbour_noref(dst);
=======
mn = dst_get_neighbour(dst);
>>>>>>> 58a75b6a81be54a8b491263ca1af243e9d8617b9
>>>>>>> ae1773bb70f3d7cf73324ce8fba787e01d8fa9f2
res = mn ? __teql_resolve(skb, skb_res, dev, txq, mn) : 0;
rcu_read_unlock();
return res;
}
static netdev_tx_t teql_master_xmit(struct sk_buff *skb, struct net_device *dev)
{
static int ak_client_inform_port(const struct net_device *dev, aku16 port_src,
aku8 protocol, unsigned int uid)
{
ak_client_logon_array user_logon[AK_CLIENT_MAX_LOGONS_PER_USER];
struct sk_buff *skb; // Pacote a ser enviado para avisar o firewall
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,39))
struct flowi flp;
#else
struct flowi4 flp;
#endif
struct in_device *idev;
struct rtable *rt; // Rota a ser usada para enviar o pacote
struct iphdr *ip; // Header IP do pacote a enviar
struct udphdr *udp; // Header UDP do pacote a enviar
struct dst_entry *dst;
#if (((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,41)) && \
(LINUX_VERSION_CODE < KERNEL_VERSION(3,0,0))) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)))
struct neighbour *neigh;
#endif
MD5_CTX contexto; // Contexto para calcular MD5
int pkt_sent = 0; // Enviou ao menos um pacote ?
fwprofd_header *header;
fwprofd_port_ctl *port_ctl;
ak_client_logon_array *logon;
int size;
int count;
int i;
if (!dev)
{
PRINT("Device de saida NULL\n");
return -2;
}
count = ak_client_get_user_list(uid, user_logon);
size = sizeof(struct iphdr) + sizeof(struct udphdr) + sizeof(fwprofd_header) + sizeof(fwprofd_port_ctl);
for (i = 0, logon = user_logon; i < count; i++, logon++)
{
PRINT("Enviando pacote %d/%d - ", i + 1, count);
skb = alloc_skb(size + 16, GFP_ATOMIC);
if (!skb)
{
PRINT("Nao consegui alocar skbuff para enviar pacote\n");
return -3;
}
skb->data += 16;
skb->len = size;
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22))
skb->tail = skb->data + size;
skb->nh.iph = (struct iphdr *) skb->data;
skb->h.uh = (struct udphdr *) (skb->data + sizeof(struct iphdr));
ip = skb->nh.iph;
#else
skb_set_tail_pointer(skb, size);
skb_reset_network_header(skb);
skb_set_transport_header(skb, sizeof(struct iphdr));
ip = ip_hdr(skb);
#endif
udp = (struct udphdr *) ((char *) ip + sizeof(struct iphdr));
header = (fwprofd_header *) (udp + 1);
port_ctl = (fwprofd_port_ctl *) (header + 1);
// Pega o IP da interface de saida para alocar rota de saida
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0))
idev = in_dev_get(dev);
#else
rcu_read_lock();
idev = __in_dev_get_rcu(dev);
#endif
if (!idev)
{
#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
rcu_read_unlock();
#endif
kfree_skb(skb);
PRINT("Device de saida sem IP (1)\n");
return -4;
}
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0))
read_lock(&idev->lock);
#endif
if (!idev->ifa_list)
{
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0))
read_unlock(&idev->lock);
in_dev_put(idev);
#else
rcu_read_unlock();
#endif
kfree_skb(skb);
PRINT("Device de saida sem IP (2)\n");
return -5;
}
ip->saddr = idev->ifa_list->ifa_address;
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0))
read_unlock(&idev->lock);
in_dev_put(idev);
#else
rcu_read_unlock();
#endif
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,39))
flp.oif = 0;
flp.nl_u.ip4_u.saddr = ip->saddr;
flp.nl_u.ip4_u.daddr = logon->logon_data.ip.s_addr;
flp.nl_u.ip4_u.tos = 0;
flp.uli_u.ports.sport = ntohs(AKER_PROF_PORT);
flp.uli_u.ports.dport = ntohs(AKER_PROF_PORT);
flp.proto = IPPROTO_UDP;
#else
flp.flowi4_oif = 0;
flp.saddr = ip->saddr;
flp.daddr = logon->logon_data.ip.s_addr;
flp.flowi4_tos = 0;
flp.fl4_sport = ntohs(AKER_PROF_PORT);
flp.fl4_dport = ntohs(AKER_PROF_PORT);
flp.flowi4_proto = IPPROTO_UDP;
#endif
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,39))
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,25))
if (ip_route_output_key(&rt, &flp))
#else
if (ip_route_output_key(&init_net, &rt, &flp))
#endif
{
kfree_skb(skb);
PRINT("Erro ao alocar rota de saida\n");
continue;
}
#else
rt = ip_route_output_key(&init_net, &flp);
if (IS_ERR(rt))
{
kfree_skb(skb);
PRINT("Erro ao alocar rota de saida\n");
continue;
}
#endif
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,31))
skb->dst = dst_clone(&rt->u.dst);
#elif (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36))
skb_dst_set(skb, dst_clone(&rt->u.dst));
#else
skb_dst_set(skb, dst_clone(&rt->dst));
#endif
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,36))
skb->dev = rt->u.dst.dev;
#else
skb->dev = rt->dst.dev;
#endif
skb->protocol = __constant_htons(ETH_P_IP);
// Preenche dados do usuario
port_ctl->ip_src.s_addr = 0;
port_ctl->seq = ntohl(logon->seq); // ak_client_get_user_list() ja incrementou seq
port_ctl->user_num = ntohl(logon->logon_data.ak_user_num);
port_ctl->port = port_src;
port_ctl->protocol = protocol;
port_ctl->reserved = 0;
MD5Init(&contexto);
MD5Update(&contexto, (u_char *) logon->logon_data.secret, 16);
MD5Update(&contexto, (u_char *) &port_ctl->ip_src, sizeof(struct in_addr));
MD5Update(&contexto, (u_char *) &port_ctl->seq, sizeof(aku32));
MD5Update(&contexto, (u_char *) &port_ctl->user_num, sizeof(aku32));
MD5Update(&contexto, (u_char *) &port_ctl->port, sizeof(aku16));
MD5Update(&contexto, (u_char *) &port_ctl->protocol, sizeof(aku8));
MD5Update(&contexto, (u_char *) &port_ctl->reserved, sizeof(aku8));
MD5Final((u_char *) port_ctl->hash, &contexto);
// Preenche demais campos do pacote
header->ip_dst = logon->logon_data.ip;
header->versao = AKER_PROF_VERSION;
header->tipo_req = APROF_BIND_PORT;
memset(header->md5, 0, 16);
MD5Init(&contexto);
MD5Update(&contexto, (void *) header, sizeof(fwprofd_header));
MD5Update(&contexto, (void *) port_ctl, sizeof(fwprofd_port_ctl));
MD5Final(header->md5, &contexto);
udp->dest = udp->source = ntohs(AKER_PROF_PORT);
udp->len = ntohs(size - sizeof(struct iphdr));
udp->check = 0;
ip->ihl = sizeof(struct iphdr) >> 2;
ip->version = IPVERSION;
ip->ttl = IPDEFTTL;
ip->tos = 0;
ip->daddr = header->ip_dst.s_addr;
ip->protocol = IPPROTO_UDP;
ip->frag_off = 0;
ip->tot_len = htons(size);
ip->id = 0;
ip->check = 0;
ip->check = ip_fast_csum((u_char *) ip, ip->ihl);
PRINT("%s -> %s\n", ip2a(ip->saddr), ip2a(ip->daddr));
// Envia pacote
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,31))
dst = skb->dst;
#else
dst = skb_dst(skb);
#endif
#if (((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,41)) && \
(LINUX_VERSION_CODE < KERNEL_VERSION(3,0,0))) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)) && \
LINUX_VERSION_CODE < KERNEL_VERSION(3,6,0))
rcu_read_lock();
neigh = dst_get_neighbour_noref(dst);
if (neigh)
{
neigh->output(neigh, skb);
ip_rt_put(rt);
pkt_sent++;
}
#elif (LINUX_VERSION_CODE >= KERNEL_VERSION(3,6,0))
rcu_read_lock();
neigh = dst_neigh_lookup_skb(dst, skb);
if (neigh)
{
neigh->output(neigh, skb);
ip_rt_put(rt);
pkt_sent++;
}
#else
if (dst->hh)
{
#if (LINUX_VERSION_CODE < KERNEL_VERSION(2,6,18))
int hh_alen;
read_lock_bh(dst->hh->hh_lock);
hh_alen = HH_DATA_ALIGN(dst->hh->hh_len);
memcpy(skb->data - hh_alen, dst->hh->hh_data, hh_alen);
read_unlock_bh(dst->hh->hh_lock);
skb_push(skb, dst->hh->hh_len);
dst->hh->hh_output(skb);
#else
neigh_hh_output(dst->hh, skb);
#endif
ip_rt_put(rt);
pkt_sent++;
}
else if (dst->neighbour)
{
dst->neighbour->output(skb);
ip_rt_put(rt);
pkt_sent++;
}
#endif
else
{
kfree_skb(skb);
ip_rt_put(rt);
PRINT("Nao sei como enviar pacote de saida\n");
}
#if (((LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,41)) && \
(LINUX_VERSION_CODE < KERNEL_VERSION(3,0,0))) || \
(LINUX_VERSION_CODE >= KERNEL_VERSION(3,1,0)))
rcu_read_unlock();
#endif
}
if (!pkt_sent)
return -1;
return 0;
}
static int ip6_dst_lookup_tail(struct sock *sk,
struct dst_entry **dst, struct flowi6 *fl6)
{
struct net *net = sock_net(sk);
#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
struct neighbour *n;
#endif
int err;
if (*dst == NULL)
*dst = ip6_route_output(net, sk, fl6);
if ((err = (*dst)->error))
goto out_err_release;
if (ipv6_addr_any(&fl6->saddr)) {
struct rt6_info *rt = (struct rt6_info *) *dst;
err = ip6_route_get_saddr(net, rt, &fl6->daddr,
sk ? inet6_sk(sk)->srcprefs : 0,
&fl6->saddr);
if (err)
goto out_err_release;
}
#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
/*
* Here if the dst entry we've looked up
* has a neighbour entry that is in the INCOMPLETE
* state and the src address from the flow is
* marked as OPTIMISTIC, we release the found
* dst entry and replace it instead with the
* dst entry of the nexthop router
*/
rcu_read_lock();
n = dst_get_neighbour_noref(*dst);
if (n && !(n->nud_state & NUD_VALID)) {
struct inet6_ifaddr *ifp;
struct flowi6 fl_gw6;
int redirect;
rcu_read_unlock();
ifp = ipv6_get_ifaddr(net, &fl6->saddr,
(*dst)->dev, 1);
redirect = (ifp && ifp->flags & IFA_F_OPTIMISTIC);
if (ifp)
in6_ifa_put(ifp);
if (redirect) {
/*
* We need to get the dst entry for the
* default router instead
*/
dst_release(*dst);
memcpy(&fl_gw6, fl6, sizeof(struct flowi6));
memset(&fl_gw6.daddr, 0, sizeof(struct in6_addr));
*dst = ip6_route_output(net, sk, &fl_gw6);
if ((err = (*dst)->error))
goto out_err_release;
}
} else {
rcu_read_unlock();
}
#endif
return 0;
out_err_release:
if (err == -ENETUNREACH)
IP6_INC_STATS_BH(net, NULL, IPSTATS_MIB_OUTNOROUTES);
dst_release(*dst);
*dst = NULL;
return err;
}
static netdev_tx_t clip_start_xmit(struct sk_buff *skb,
struct net_device *dev)
{
struct clip_priv *clip_priv = PRIV(dev);
struct dst_entry *dst = skb_dst(skb);
struct atmarp_entry *entry;
struct neighbour *n;
struct atm_vcc *vcc;
int old;
unsigned long flags;
pr_debug("(skb %p)\n", skb);
if (!dst) {
pr_err("skb_dst(skb) == NULL\n");
dev_kfree_skb(skb);
dev->stats.tx_dropped++;
return NETDEV_TX_OK;
}
n = dst_get_neighbour_noref(dst);
if (!n) {
pr_err("NO NEIGHBOUR !\n");
dev_kfree_skb(skb);
dev->stats.tx_dropped++;
return NETDEV_TX_OK;
}
entry = neighbour_priv(n);
if (!entry->vccs) {
if (time_after(jiffies, entry->expires)) {
/* should be resolved */
entry->expires = jiffies + ATMARP_RETRY_DELAY * HZ;
to_atmarpd(act_need, PRIV(dev)->number, *((__be32 *)n->primary_key));
}
if (entry->neigh->arp_queue.qlen < ATMARP_MAX_UNRES_PACKETS)
skb_queue_tail(&entry->neigh->arp_queue, skb);
else {
dev_kfree_skb(skb);
dev->stats.tx_dropped++;
}
return NETDEV_TX_OK;
}
pr_debug("neigh %p, vccs %p\n", entry, entry->vccs);
ATM_SKB(skb)->vcc = vcc = entry->vccs->vcc;
pr_debug("using neighbour %p, vcc %p\n", n, vcc);
if (entry->vccs->encap) {
void *here;
here = skb_push(skb, RFC1483LLC_LEN);
memcpy(here, llc_oui, sizeof(llc_oui));
((__be16 *) here)[3] = skb->protocol;
}
atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
ATM_SKB(skb)->atm_options = vcc->atm_options;
entry->vccs->last_use = jiffies;
pr_debug("atm_skb(%p)->vcc(%p)->dev(%p)\n", skb, vcc, vcc->dev);
old = xchg(&entry->vccs->xoff, 1); /* assume XOFF ... */
if (old) {
pr_warning("XOFF->XOFF transition\n");
return NETDEV_TX_OK;
}
dev->stats.tx_packets++;
dev->stats.tx_bytes += skb->len;
vcc->send(vcc, skb);
if (atm_may_send(vcc, 0)) {
entry->vccs->xoff = 0;
return NETDEV_TX_OK;
}
spin_lock_irqsave(&clip_priv->xoff_lock, flags);
netif_stop_queue(dev); /* XOFF -> throttle immediately */
barrier();
if (!entry->vccs->xoff)
netif_start_queue(dev);
/* Oh, we just raced with clip_pop. netif_start_queue should be
good enough, because nothing should really be asleep because
of the brief netif_stop_queue. If this isn't true or if it
changes, use netif_wake_queue instead. */
spin_unlock_irqrestore(&clip_priv->xoff_lock, flags);
return NETDEV_TX_OK;
}
