github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 15:12:59 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
2130fb7689
linux/net/bridge
History
Antoine Tenart c9c048d4e3 netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal 
[ Upstream commit 44f64f23ba ]

Netfilter changes PACKET_OTHERHOST to PACKET_HOST before invoking the
hooks as, while it's an expected value for a bridge, routing expects
PACKET_HOST. The change is undone later on after hook traversal. This
can be seen with pairs of functions updating skb>pkt_type and then
reverting it to its original value:

For hook NF_INET_PRE_ROUTING:
  setup_pre_routing / br_nf_pre_routing_finish

For hook NF_INET_FORWARD:
  br_nf_forward_ip / br_nf_forward_finish

But the third case where netfilter does this, for hook
NF_INET_POST_ROUTING, the packet type is changed in br_nf_post_routing
but never reverted. A comment says:

  /* We assume any code from br_dev_queue_push_xmit onwards doesn't care
   * about the value of skb->pkt_type. */

But when having a tunnel (say vxlan) attached to a bridge we have the
following call trace:

  br_nf_pre_routing
  br_nf_pre_routing_ipv6
     br_nf_pre_routing_finish
  br_nf_forward_ip
     br_nf_forward_finish
  br_nf_post_routing           <- pkt_type is updated to PACKET_HOST
     br_nf_dev_queue_xmit      <- but not reverted to its original value
  vxlan_xmit
     vxlan_xmit_one
        skb_tunnel_check_pmtu  <- a check on pkt_type is performed

In this specific case, this creates issues such as when an ICMPv6 PTB
should be sent back. When CONFIG_BRIDGE_NETFILTER is enabled, the PTB
isn't sent (as skb_tunnel_check_pmtu checks if pkt_type is PACKET_HOST
and returns early).

If the comment is right and no one cares about the value of
skb->pkt_type after br_dev_queue_push_xmit (which isn't true), resetting
it to its original value should be safe.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Antoine Tenart <atenart@kernel.org>
Reviewed-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20201123174902.622102-1-atenart@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-12-08 10:18:53 +01:00
..
netfilter netfilter: nft_reject_bridge: enable reject with bridge vlan 2020-06-03 08:19:47 +02:00
br_arp_nd_proxy.c bridge: Avoid infinite loop when suppressing NS messages with invalid options 2020-06-22 09:04:58 +02:00
br_device.c net: bridge: add missing counters to ndo_get_stats64 callback 2020-11-24 13:27:17 +01:00
br_fdb.c net: bridge: Mark FDB entries that were added by user as such 2019-02-27 10:08:57 +01:00
br_forward.c net: bridge: Fix ethernet header pointer before check skb forwardable 2019-01-31 08:14:31 +01:00
br_if.c bridge: Fix error path for kobject_init_and_add() 2019-05-16 19:41:29 +02:00
br_input.c net: bridge: don't cache ether dest pointer on input 2019-07-28 08:29:27 +02:00
br_ioctl.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
br_mdb.c bridge/mdb: remove wrong use of NLM_F_MULTI 2019-09-19 09:09:28 +02:00
br_multicast.c net: bridge: mcast: don't delete permanent entries when fast leave is enabled 2019-08-09 17:52:31 +02:00
br_netfilter_hooks.c netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal 2020-12-08 10:18:53 +01:00
br_netfilter_ipv6.c netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING 2019-05-04 09:20:12 +02:00
br_netlink_tunnel.c bridge: netlink: make setlink/dellink notifications more accurate 2017-10-29 11:03:43 +09:00
br_netlink.c net: bridge: add support for backup port 2018-07-23 09:32:15 -07:00
br_nf_core.c net: add bool confirm_neigh parameter for dst_ops.update_pmtu 2020-01-04 19:13:37 +01:00
br_private_stp.h net: bridge: add helper to set topology change 2016-12-10 21:27:23 -05:00
br_private_tunnel.h bridge: netlink: make setlink/dellink notifications more accurate 2017-10-29 11:03:43 +09:00
br_private.h net: bridge: enfore alignment for ethernet address 2020-06-30 23:17:03 -04:00
br_stp_bpdu.c net: bridge: stp: don't cache eth dest pointer before skb pull 2019-07-28 08:29:27 +02:00
br_stp_if.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
br_stp_timer.c net: bridge: Convert timers to use timer_setup() 2017-11-03 15:42:49 +09:00
br_stp.c net: bridge: add notifications for the bridge dev on vlan change 2017-11-02 15:53:40 +09:00
br_switchdev.c net: bridge: Extract boilerplate around switchdev_port_obj_*() 2018-05-31 14:13:42 -04:00
br_sysfs_br.c net: Use octal not symbolic permissions 2018-03-26 12:07:48 -04:00
br_sysfs_if.c net: bridge: add support for backup port 2018-07-23 09:32:15 -07:00
br_vlan_tunnel.c bridge: vlan_tunnel: explicitly reset metadata attrs to NULL on failure 2017-02-17 13:33:41 -05:00
br_vlan.c net: bridge: delete local fdb on device init failure 2019-08-09 17:52:31 +02:00
br.c net: bridge: Notify about !added_by_user FDB entries 2018-05-03 13:46:47 -04:00
Kconfig
Makefile Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-04 09:26:51 +09:00