From: <gregkh@linuxfoundation.org>
To: fw@strlen.de, gregkh@linuxfoundation.org, pablo@netfilter.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING" has been added to the 3.19-stable tree
Date: Sat, 02 May 2015 20:42:33 +0200 [thread overview]
Message-ID: <1430592153123234@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING
to the 3.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netfilter-bridge-really-save-frag_max_size-between-pre-and-post_routing.patch
and it can be found in the queue-3.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 0b67c43ce36a9964f1d5e3f973ee19eefd3f9f8f Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 1 Apr 2015 22:36:27 +0200
Subject: netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING
From: Florian Westphal <fw@strlen.de>
commit 0b67c43ce36a9964f1d5e3f973ee19eefd3f9f8f upstream.
We also need to save/store in forward, else br_parse_ip_options call
will zero frag_max_size as well.
Fixes: 93fdd47e5 ('bridge: Save frag_max_size between PRE_ROUTING and POST_ROUTING')
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bridge/br_netfilter.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -651,6 +651,13 @@ static int br_nf_forward_finish(struct s
struct net_device *in;
if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) {
+ int frag_max_size;
+
+ if (skb->protocol == htons(ETH_P_IP)) {
+ frag_max_size = IPCB(skb)->frag_max_size;
+ BR_INPUT_SKB_CB(skb)->frag_max_size = frag_max_size;
+ }
+
in = nf_bridge->physindev;
if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST;
@@ -710,8 +717,14 @@ static unsigned int br_nf_forward_ip(con
nf_bridge->mask |= BRNF_PKT_TYPE;
}
- if (pf == NFPROTO_IPV4 && br_parse_ip_options(skb))
- return NF_DROP;
+ if (pf == NFPROTO_IPV4) {
+ int frag_max = BR_INPUT_SKB_CB(skb)->frag_max_size;
+
+ if (br_parse_ip_options(skb))
+ return NF_DROP;
+
+ IPCB(skb)->frag_max_size = frag_max;
+ }
/* The physdev module checks on this */
nf_bridge->mask |= BRNF_BRIDGED;
Patches currently in stable-queue which might be from fw@strlen.de are
queue-3.19/netfilter-bridge-really-save-frag_max_size-between-pre-and-post_routing.patch
reply other threads:[~2015-05-02 18:42 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1430592153123234@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=fw@strlen.de \
--cc=pablo@netfilter.org \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.