Signed-off-by: Vasily Averin <vvs@xxxxxxxxxx>
---
net/bridge/br_netfilter.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index dbf73cb..5043b1e 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -681,6 +681,7 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops,
{
struct net_bridge_port *p;
struct net_bridge *br;
+ struct brnf_net *bn;
__u32 len = nf_bridge_encap_header_len(skb);
if (unlikely(!pskb_may_pull(skb, len)))
@@ -691,15 +692,16 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops,
return NF_DROP;
br = p->br;
+ bn = brnf_net(dev_net(skb->dev));
if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb)) {
- if (!init_brnf_net.nf_call_ip6tables && !br->nf_call_ip6tables)
+ if (!bn->nf_call_ip6tables && !br->nf_call_ip6tables)
return NF_ACCEPT;
nf_bridge_pull_encap_header_rcsum(skb);
return br_nf_pre_routing_ipv6(ops, skb, in, out, okfn);
}
- if (!init_brnf_net.nf_call_iptables && !br->nf_call_iptables)
+ if (!bn->nf_call_iptables && !br->nf_call_iptables)
return NF_ACCEPT;
if (!IS_IP(skb) && !IS_VLAN_IP(skb) && !IS_PPPOE_IP(skb))
@@ -1075,7 +1077,7 @@ static int brnf_sysctl_net_register(struct brnf_net *bn)
if (!table)
goto err_alloc;
}
- for (i = 0; i < 1; i++)
+ for (i = 0; i < 3; i++)
table[i].data += (char *)bn - (char *)&init_brnf_net;
hdr = register_net_sysctl(bn->net, "net/bridge", table);
--
1.7.5.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
