--- zzzz-none-000/linux-4.4.271/net/bridge/br_private.h 2021-06-03 06:22:09.000000000 +0000 +++ maple-fsgw-759/linux-4.4.271/net/bridge/br_private.h 2023-12-20 10:37:40.000000000 +0000 @@ -21,6 +21,9 @@ #include #include #include +#include +#include +#include #define BR_HASH_BITS 8 #define BR_HASH_SIZE (1 << BR_HASH_BITS) @@ -158,6 +161,7 @@ struct timer_list timer; struct br_ip addr; unsigned char state; + unsigned char eth_addr[ETH_ALEN]; }; struct net_bridge_mdb_entry @@ -267,6 +271,12 @@ bool nf_call_ip6tables; bool nf_call_arptables; #endif +#ifdef CONFIG_AVM_BRIDGE_FLOOD_RATELIMITER + atomic_t avm_flood_credits; + int avm_flood_credits_max; + int avm_flood_credits_recov_rate; + struct timer_list avm_flood_rl_timer; +#endif u16 group_fwd_mask; u16 group_fwd_mask_required; @@ -482,6 +492,11 @@ const unsigned char *addr, u16 vid); /* br_forward.c */ +enum br_pkt_type { + BR_PKT_UNICAST, + BR_PKT_MULTICAST, + BR_PKT_BROADCAST +}; void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb); int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb); void br_forward(const struct net_bridge_port *to, @@ -504,6 +519,7 @@ void br_manage_promisc(struct net_bridge *br); /* br_input.c */ +int br_pass_frame_up(struct sk_buff *skb); int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb); rx_handler_result_t br_handle_frame(struct sk_buff **pskb); @@ -555,7 +571,7 @@ struct net_bridge_port_group * br_multicast_new_port_group(struct net_bridge_port *port, struct br_ip *group, struct net_bridge_port_group __rcu *next, - unsigned char state); + unsigned char state, const unsigned char *src); void br_mdb_init(void); void br_mdb_uninit(void); void br_mdb_notify(struct net_device *dev, struct net_bridge_port *port, 
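Review bot: In the `@@ -158,6 +161,7 @@` hunk the new `eth_addr[ETH_ALEN]` member has no comment, and the matching prototype change in the `@@ -555,7 +571,7 @@` hunk adds `const unsigned char *src` to br_multicast_new_port_group() without saying whether it may be NULL. Callers are not visible here, but a path that creates a port group without a received frame (a statically configured entry, for instance) has no source MAC to pass, so the contract decides whether the allocator copies from a NULL pointer or leaves the field unset. If the field is meant to hold the joining host's MAC, I would add `/* source MAC of the joining host; all-zero when unknown */` above the member and state at the prototype that `src` is either NULL or points to at least ETH_ALEN bytes. The struct body starts outside the hunk.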
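Review bot: In the `@@ -267,6 +271,12 @@` hunk `avm_flood_rl_timer` is embedded in struct net_bridge, yet the ratelimiter API declared in the `@@ -902,13 +918,41 @@` hunk offers only a per-bridge `br_flood_rl_setup(br)` and a global `br_flood_rl_fini(void)`, with no per-bridge teardown. If setup arms the timer (br_bcast_rl.c is not shown), it has to be stopped with `del_timer_sync()` before the bridge is freed, otherwise the callback runs on freed memory; a per-bridge teardown declaration next to `br_flood_rl_setup()` would make that explicit. Separately, `avm_flood_credits_max` and `avm_flood_credits_recov_rate` are signed `int` while `br_flood_rl_set_credits()` takes `unsigned long`, so the setter needs a range check before narrowing. The struct body starts and ends outside the hunk.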
@@ -902,13 +918,41 @@ /* br_netfilter.c */ #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) +extern int brnf_call_ebtables; int br_nf_core_init(void); void br_nf_core_fini(void); void br_netfilter_rtable_init(struct net_bridge *); +bool br_netfilter_run_hooks(void); #else static inline int br_nf_core_init(void) { return 0; } static inline void br_nf_core_fini(void) {} #define br_netfilter_rtable_init(x) +#define br_netfilter_run_hooks() false +#endif + +static inline int +BR_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, + struct sk_buff *skb, struct net_device *in, struct net_device *out, + int (*okfn)(struct net *, struct sock *, struct sk_buff *)) +{ + if (!br_netfilter_run_hooks()) + return okfn(net, sk, skb); + + return NF_HOOK(pf, hook, net, sk, skb, in, out, okfn); +} + +/* br_bcast_rl.c */ +#ifdef CONFIG_AVM_BRIDGE_FLOOD_RATELIMITER +int br_flood_rl_init(void); +void br_flood_rl_fini(void); +void br_flood_rl_setup(struct net_bridge *br); +ssize_t br_flood_rl_set_credits(struct net_bridge *br, unsigned long v); +unsigned int br_flood_rl(struct net_bridge *br, struct sk_buff *skb, struct net_device *src_dev); +#else +#define br_flood_rl_init() (0) +#define br_flood_rl_fini() do { } while (0) +#define br_flood_rl_setup(br) do { } while (0) +#define br_flood_rl(br, skb, dev) (1) #endif /* br_stp.c */ 
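Review bot: With CONFIG_BRIDGE_NETFILTER disabled, the new stub `#define br_netfilter_run_hooks() false` makes BR_HOOK() call `okfn` directly and never reach NF_HOOK(), which skips every hook registered for the bridge family, not only br_netfilter's. ebtables can be built without CONFIG_BRIDGE_NETFILTER, and `br_isol_hook()` declared later in this patch has a netfilter hook signature, so if the forwarding paths use BR_HOOK() (not visible here), filtering and port isolation would silently stop being enforced in that configuration. I would make the fallback `#define br_netfilter_run_hooks() true`, or have the enabled-case implementation account for other registered bridge hooks, and add a comment on BR_HOOK() stating which hooks the shortcut is allowed to skip. The `#else` branch of the flood-ratelimiter block also lacks a stub for `br_flood_rl_set_credits()`, so its callers need their own `#ifdef`.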
@@ -979,6 +1023,29 @@ static inline int br_sysfs_renameif(struct net_bridge_port *p) { return 0; } static inline int br_sysfs_addbr(struct net_device *dev) { return 0; } static inline void br_sysfs_delbr(struct net_device *dev) { return; } +static inline void br_isol_remove_port(struct net_bridge_port *p) { return; } #endif /* CONFIG_SYSFS */ +#define __br_get(__hook, __default, __args ...) \ + (__hook ? (__hook(__args)) : (__default)) + +static inline void __br_notify(int group, int type, const void *data) +{ + br_notify_hook_t *notify_hook = rcu_dereference(br_notify_hook); + + if (notify_hook) + notify_hook(group, type, data); +} + + +#ifdef CONFIG_AVM_BRIDGE_ISOLATION +ssize_t br_isol_show(struct net_bridge_port *p, char *buf); +int br_isol_store(struct net_bridge_port *p, unsigned long v); +void br_isol_remove_port(struct net_bridge_port *p); +unsigned int br_isol_hook(void *priv, struct sk_buff *skb, + const struct nf_hook_state *state); +#else +static inline void br_isol_remove_port(struct net_bridge_port *p) { return; } +#endif /* CONFIG_AVM_BRIDGE_ISOLATION */ + #endif
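Review bot: `__br_get()` expands `__hook` twice, once for the NULL test and once for the call, so if the argument is a pointer that can be cleared concurrently (as `br_notify_hook` is treated in `__br_notify()` just below), the call can go through a NULL pointer after the test has passed. Reading it once avoids that: wrap the body in a statement expression that starts with `typeof(__hook) __h = rcu_dereference(__hook);` and then evaluates `__h ? __h(__args) : (__default)`. `__br_notify()` relies on the caller holding `rcu_read_lock()`, which deserves a one-line comment above it. Also, `br_isol_remove_port()` now has a static inline stub in the `!CONFIG_SYSFS` branch and a second one in the `!CONFIG_AVM_BRIDGE_ISOLATION` branch, so a build with both options off sees two definitions; the first stub should be dropped.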