* [PATCH] bridge: packets leaking out of disabled/blocked ports
[not found] ` <426497.88154.qm@web51910.mail.re2.yahoo.com>
@ 2007-08-30 19:22 ` Stephen Hemminger
2007-08-30 20:03 ` John W. Linville
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2007-08-30 19:22 UTC (permalink / raw)
To: wang dengyi, David S. Miller; +Cc: bridge, netdev
This patch fixes some packet leakage in bridge. The bridging code
was allowing forward table entries to be generated even if a device
was being blocked. The fix is to not add forwarding database entries
unless the port is active.
The bug arose as part of the conversion to processing STP frames
through normal receive path (in 2.6.17).
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
--- a/net/bridge/br_fdb.c 2007-08-30 07:49:01.000000000 -0700
+++ b/net/bridge/br_fdb.c 2007-08-30 11:40:36.000000000 -0700
@@ -384,6 +384,11 @@ void br_fdb_update(struct net_bridge *br
if (hold_time(br) == 0)
return;
+ /* ignore packets unless we are using this port */
+ if (!(source->state == BR_STATE_LEARNING ||
+ source->state == BR_STATE_FORWARDING))
+ return;
+
fdb = fdb_find(head, addr);
if (likely(fdb)) {
/* attempt to update an entry for a local interface */
--- a/net/bridge/br_input.c 2007-08-30 07:49:01.000000000 -0700
+++ b/net/bridge/br_input.c 2007-08-30 12:19:57.000000000 -0700
@@ -101,9 +101,8 @@ static int br_handle_local_finish(struct
{
struct net_bridge_port *p = rcu_dereference(skb->dev->br_port);
- if (p && p->state != BR_STATE_DISABLED)
+ if (p)
br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
-
return 0; /* process further */
}
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] bridge: packets leaking out of disabled/blocked ports
2007-08-30 19:22 ` [PATCH] bridge: packets leaking out of disabled/blocked ports Stephen Hemminger
@ 2007-08-30 20:03 ` John W. Linville
2007-08-31 5:15 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: John W. Linville @ 2007-08-30 20:03 UTC (permalink / raw)
To: Stephen Hemminger; +Cc: wang dengyi, David S. Miller, bridge, netdev
On Thu, Aug 30, 2007 at 12:22:58PM -0700, Stephen Hemminger wrote:
> This patch fixes some packet leakage in bridge. The bridging code
> was allowing forward table entries to be generated even if a device
> was being blocked. The fix is to not add forwarding database entries
> unless the port is active.
Seems reasonable -- ACK
John
--
John W. Linville
linville@tuxdriver.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] bridge: packets leaking out of disabled/blocked ports
2007-08-30 20:03 ` John W. Linville
@ 2007-08-31 5:15 ` David Miller
0 siblings, 0 replies; 3+ messages in thread
From: David Miller @ 2007-08-31 5:15 UTC (permalink / raw)
To: linville; +Cc: shemminger, dy_wang, bridge, netdev
From: "John W. Linville" <linville@tuxdriver.com>
Date: Thu, 30 Aug 2007 16:03:13 -0400
> On Thu, Aug 30, 2007 at 12:22:58PM -0700, Stephen Hemminger wrote:
> > This patch fixes some packet leakage in bridge. The bridging code
> > was allowing forward table entries to be generated even if a device
> > was being blocked. The fix is to not add forwarding database entries
> > unless the port is active.
>
> Seems reasonable -- ACK
Applied, thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-08-31 5:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20070829150515.54dd7ecf@freepuppy.rosehill.hemminger.net>
[not found] ` <426497.88154.qm@web51910.mail.re2.yahoo.com>
2007-08-30 19:22 ` [PATCH] bridge: packets leaking out of disabled/blocked ports Stephen Hemminger
2007-08-30 20:03 ` John W. Linville
2007-08-31 5:15 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).