* ebtables dnat rule gets system frozen
From: Tom Yan @ 2019-11-03 11:14 UTC
To: netfilter-devel; +Cc: netfilter

Kernel version being 5.3.8, after adding a dnat rule (to the OUTPUT chain) with ebtables-nft in iptables 1.8.3, my system is frozen as soon as I ping anything. I couldn't catch anything with dmesg -w. Can anyone reproduce the same issue? I am on Arch Linux.

* Re: ebtables dnat rule gets system frozen
From: Florian Westphal @ 2019-11-03 19:16 UTC
To: Tom Yan; +Cc: netfilter-devel, netfilter

Tom Yan <tom.ty89@gmail.com> wrote:
> Kernel version being 5.3.8, after adding a dnat rule (to the OUTPUT
> chain) with ebtables-nft in iptables 1.8.3, my system is frozen as
> soon as I ping anything. I couldn't catch anything with dmesg -w. Can
> anyone reproduce the same issue? I am on Arch Linux.

Yes, investigating.

* [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains 2019-11-03 11:14 ebtables dnat rule gets system frozen Tom Yan 2019-11-03 19:16 ` Florian Westphal @ 2019-11-03 19:54 ` Florian Westphal 2019-11-04 19:19 ` Pablo Neira Ayuso 1 sibling, 1 reply; 4+ messages in thread From: Florian Westphal @ 2019-11-03 19:54 UTC (permalink / raw) To: netfilter-devel; +Cc: Florian Westphal, Tom Yan, Linus Lüssing xt_in() returns NULL in the output hook, skip the pkt_type change for that case, redirection only makes sense in broute/prerouting hooks. Reported-by: Tom Yan <tom.ty89@gmail.com> Cc: Linus Lüssing <linus.luessing@c0d3.blue> Fixes: cf3cb246e277d ("bridge: ebtables: fix reception of frames DNAT-ed to bridge device/port") Signed-off-by: Florian Westphal <fw@strlen.de> --- net/bridge/netfilter/ebt_dnat.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c index ed91ea31978a..12a4f4d93681 100644 --- a/net/bridge/netfilter/ebt_dnat.c +++ b/net/bridge/netfilter/ebt_dnat.c @@ -20,7 +20,6 @@ static unsigned int ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par) { const struct ebt_nat_info *info = par->targinfo; - struct net_device *dev; if (skb_ensure_writable(skb, ETH_ALEN)) return EBT_DROP; 
@@ -33,10 +32,22 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par) else skb->pkt_type = PACKET_MULTICAST; } else { - if (xt_hooknum(par) != NF_BR_BROUTING) - dev = br_port_get_rcu(xt_in(par))->br->dev; - else + const struct net_device *dev; + + switch (xt_hooknum(par)) { + case NF_BR_BROUTING: dev = xt_in(par); + break; + case NF_BR_PRE_ROUTING: + dev = br_port_get_rcu(xt_in(par))->br->dev; + break; + default: + dev = NULL; + break; + } + + if (!dev) /* NF_BR_LOCAL_OUT */ + return info->target; if (ether_addr_equal(info->mac, dev->dev_addr)) skb->pkt_type = PACKET_HOST; -- 2.23.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
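
Review bot: In the second hunk, the `default:` arm sets `dev = NULL` for every hook other than NF_BR_BROUTING and NF_BR_PRE_ROUTING, yet the comment on `if (!dev)` names only NF_BR_LOCAL_OUT. Either add an explicit `case NF_BR_LOCAL_OUT:` and keep `default:` as a defensive fallback, or reword the comment to cover any hook without an input device, so a later reader does not assume the early `return info->target` is reachable from one hook only. The same `if (!dev)` test also covers a NULL `xt_in(par)` in the NF_BR_BROUTING arm, which is worth stating if intended. The NF_BR_PRE_ROUTING arm still dereferences the result of `br_port_get_rcu(xt_in(par))` unchecked; a short comment on why that cannot be NULL in this hook would document the assumption the fix relies on.
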
* Re: [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains
From: Pablo Neira Ayuso @ 2019-11-04 19:19 UTC
To: Florian Westphal; +Cc: netfilter-devel, Tom Yan, Linus Lüssing

On Sun, Nov 03, 2019 at 08:54:28PM +0100, Florian Westphal wrote:
> xt_in() returns NULL in the output hook, skip the pkt_type change for
> that case, redirection only makes sense in broute/prerouting hooks.

Applied, thanks.