From: Martin Faecknitz <faecknitz@hotsplots.de>
To: netdev@vger.kernel.org
Subject: [PATCH net] bridge: br_handle_local_finish should not return zero
Date: Sat, 14 Dec 2013 21:52:08 +0100 [thread overview]
Message-ID: <52ACC4F8.6080703@hotsplots.de> (raw)
br_handle_local_finish is called by NF_HOOK(...) after accepting the packet. If
the return value of NF_HOOK(...) is zero (i.e. the return value of
br_handle_local_finish), the packet is passed to the network stack. This
behavior conflicts with netfilter hooks which return NF_STOLEN/NF_QUEUE. In this
case, NF_HOOK(...) returns also zero (see nf_hook_slow) but
br_handle_local_finish was never called. The packet will still passed to the
network stack.
Signed-off-by: Martin Faecknitz
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -149,7 +149,7 @@ static int br_handle_local_finish(struct sk_buff *skb)
br_vlan_get_tag(skb, &vid);
if (p->flags & BR_LEARNING)
br_fdb_update(p->br, p, eth_hdr(skb)->h_source, vid);
- return 0; /* process further */
+ return 1; /* process further */
}
/*
@@ -208,7 +208,7 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb)
/* Deliver packet to local host only */
if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
- NULL, br_handle_local_finish)) {
+ NULL, br_handle_local_finish) != 1) {
return RX_HANDLER_CONSUMED; /* consumed by filter */
} else {
*pskb = skb;
next reply other threads:[~2013-12-14 21:01 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-14 20:52 Martin Faecknitz [this message]
2013-12-17 21:13 ` [PATCH net] bridge: br_handle_local_finish should not return zero David Miller
2013-12-17 21:55 ` Stephen Hemminger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52ACC4F8.6080703@hotsplots.de \
--to=faecknitz@hotsplots.de \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.