[PATCH AUTOSEL 4.14 05/43] netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Xin Long <lucien.xin@gmail.com>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Sasha Levin <sashal@kernel.org>,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 05/43] netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
Date: Mon, 22 Apr 2019 15:46:49 -0400	[thread overview]
Message-ID: <20190422194727.12495-5-sashal@kernel.org> (raw)
In-Reply-To: <20190422194727.12495-1-sashal@kernel.org>

From: Xin Long <lucien.xin@gmail.com>

[ Upstream commit e166e4fdaced850bee3d5ee12a5740258fb30587 ]

Since Commit 21d1196a35f5 ("ipv4: set transport header earlier"),
skb->transport_header has been always set before entering INET
netfilter. This patch is to set skb->transport_header for bridge
before entering INET netfilter by bridge-nf-call-iptables.

It also fixes an issue that sctp_error() couldn't compute a right
csum due to unset skb->transport_header.

Fixes: e6d8b64b34aa ("net: sctp: fix and consolidate SCTP checksumming code")
Reported-by: Li Shuang <shuali@redhat.com>
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
---
 net/bridge/br_netfilter_hooks.c | 1 +
 net/bridge/br_netfilter_ipv6.c  | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/net/bridge/br_netfilter_hooks.c b/net/bridge/br_netfilter_hooks.c
index 5fd283d9929e..89936e0d55c9 100644
--- a/net/bridge/br_netfilter_hooks.c
+++ b/net/bridge/br_netfilter_hooks.c
@@ -512,6 +512,7 @@ static unsigned int br_nf_pre_routing(void *priv,
 	nf_bridge->ipv4_daddr = ip_hdr(skb)->daddr;
 
 	skb->protocol = htons(ETH_P_IP);
+	skb->transport_header = skb->network_header + ip_hdr(skb)->ihl * 4;
 
 	NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, state->net, state->sk, skb,
 		skb->dev, NULL,
diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c
index 5811208863b7..09d5e0c7b3ba 100644
--- a/net/bridge/br_netfilter_ipv6.c
+++ b/net/bridge/br_netfilter_ipv6.c
@@ -235,6 +235,8 @@ unsigned int br_nf_pre_routing_ipv6(void *priv,
 	nf_bridge->ipv6_daddr = ipv6_hdr(skb)->daddr;
 
 	skb->protocol = htons(ETH_P_IPV6);
+	skb->transport_header = skb->network_header + sizeof(struct ipv6hdr);
+
 	NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, state->net, state->sk, skb,
 		skb->dev, NULL,
 		br_nf_pre_routing_finish_ipv6);
-- 
2.19.1

next prev parent reply	other threads:[~2019-04-22 19:59 UTC|newest]

Thread overview: 52+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-04-22 19:46 [PATCH AUTOSEL 4.14 01/43] ARM: dts: bcm283x: Fix hdmi hpd gpio pull Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 02/43] s390: limit brk randomization to 32MB Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 03/43] qlcnic: Avoid potential NULL pointer dereference Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 04/43] netfilter: nft_set_rbtree: check for inactive element after flag mismatch Sasha Levin
2019-04-22 19:46 ` Sasha Levin [this message]
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 06/43] s390/qeth: fix race when initializing the IP address table Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 07/43] sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 08/43] serial: ar933x_uart: Fix build failure with disabled console Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 09/43] KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots Sasha Levin
2019-04-22 19:46   ` Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 10/43] usb: gadget: net2280: Fix overrun of OUT messages Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 11/43] usb: gadget: net2280: Fix net2280_dequeue() Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 12/43] usb: gadget: net2272: Fix net2272_dequeue() Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 13/43] ARM: dts: pfla02: increase phy reset duration Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 14/43] net: ks8851: Dequeue RX packets explicitly Sasha Levin
2019-04-22 19:46 ` [PATCH AUTOSEL 4.14 15/43] net: ks8851: Reassert reset pin if chip ID check fails Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 16/43] net: ks8851: Delay requesting IRQ until opened Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 17/43] net: ks8851: Set initial carrier state to down Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 18/43] staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 19/43] staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 20/43] staging: rtl8712: uninitialized memory in read_bbreg_hdl() Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 21/43] staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 22/43] net: macb: Add null check for PCLK and HCLK Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 23/43] net/sched: don't dereference a->goto_chain to read the chain index Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 24/43] ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 25/43] NFS: Fix a typo in nfs_init_timeout_values() Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 26/43] net: xilinx: fix possible object reference leak Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 27/43] net: ibm: " Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 28/43] net: ethernet: ti: " Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 29/43] gpio: aspeed: fix a potential NULL pointer dereference Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 30/43] drm/meson: Fix invalid pointer in meson_drv_unbind() Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 31/43] drm/meson: Uninstall IRQ handler Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47   ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 32/43] scsi: qla4xxx: fix a potential NULL pointer dereference Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 33/43] usb: usb251xb: fix to avoid " Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 34/43] usb: u132-hcd: fix resource leak Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 35/43] tty: fix NULL pointer issue when tty_port ops is not set Sasha Levin
2019-04-23  5:35   ` Johan Hovold
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 36/43] ceph: fix use-after-free on symlink traversal Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 37/43] scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 38/43] libata: fix using DMA buffers on stack Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 39/43] gpio: of: Fix of_gpiochip_add() error path Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 40/43] kconfig/[mn]conf: handle backspace (^H) key Sasha Levin
     [not found] ` <20190422194727.12495-1-sashal-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
2019-04-22 19:47   ` [PATCH AUTOSEL 4.14 41/43] iommu/amd: Reserve exclusion range in iova-domain Sasha Levin
2019-04-22 19:47     ` Sasha Levin
2019-04-22 19:47     ` Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 42/43] ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK Sasha Levin
2019-04-22 19:47 ` [PATCH AUTOSEL 4.14 43/43] leds: pca9532: fix a potential NULL pointer dereference Sasha Levin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:5fd283d9929 dfblob:89936e0d55c dfblob:5811208863b
dfblob:09d5e0c7b3b )
 OR (
bs:"[PATCH AUTOSEL 4.14 05/43] netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190422194727.12495-5-sashal@kernel.org \
    --to=sashal@kernel.org \
    --cc=coreteam@netfilter.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lucien.xin@gmail.com \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.