* [PATCH] bridge: packets leaking out of disabled/blocked ports
From: Stephen Hemminger @ 2007-08-30 19:22 UTC
To: wang dengyi, David S. Miller; +Cc: bridge, netdev

This patch fixes some packet leakage in bridge. The bridging code
was allowing forward table entries to be generated even if a device
was being blocked. The fix is to not add forwarding database entries
unless the port is active.

The bug arose as part of the conversion to processing STP frames
through normal receive path (in 2.6.17).

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>

--- a/net/bridge/br_fdb.c 2007-08-30 07:49:01.000000000 -0700 +++ b/net/bridge/br_fdb.c 2007-08-30 11:40:36.000000000 -0700 @@ -384,6 +384,11 @@ void br_fdb_update(struct net_bridge *br if (hold_time(br) == 0) return; + /* ignore packets unless we are using this port */ + if (!(source->state == BR_STATE_LEARNING || + source->state == BR_STATE_FORWARDING)) + return; + fdb = fdb_find(head, addr); if (likely(fdb)) { /* attempt to update an entry for a local interface */ --- a/net/bridge/br_input.c 2007-08-30 07:49:01.000000000 -0700 +++ b/net/bridge/br_input.c 2007-08-30 12:19:57.000000000 -0700 @@ -101,9 +101,8 @@ static int br_handle_local_finish(struct { struct net_bridge_port *p = rcu_dereference(skb->dev->br_port); - if (p && p->state != BR_STATE_DISABLED) + if (p) br_fdb_update(p->br, p, eth_hdr(skb)->h_source); - return 0; /* process further */ }
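Review bot: In the br_fdb.c hunk, the new comment in br_fdb_update() says "ignore packets unless we are using this port", but the early return only skips learning the source address; nothing in this function drops the packet. Suggest wording it as what it does, for example "don't learn addresses unless the port is in learning or forwarding state". The allow-list form of the test (BR_STATE_LEARNING or BR_STATE_FORWARDING) is the right shape, since it rejects every state not named, which the "p->state != BR_STATE_DISABLED" test removed from br_input.c did not.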
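Review bot: In the br_input.c hunk, br_handle_local_finish() now calls br_fdb_update() for any non-NULL port, so the only port-state gate on this path is the one inside br_fdb_update(); a one-line comment at the call site saying so would keep a later reader from bypassing or duplicating the check. Also, as rendered here the line "return 0; /* process further */" follows a "-" marker. The 9-to-8 line count in the hunk header allows exactly one net removal, so please confirm it is the blank line before the return that goes and not the return itself, and consider leaving that whitespace change out of a bug fix.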
* Re: [PATCH] bridge: packets leaking out of disabled/blocked ports
From: John W. Linville @ 2007-08-30 20:03 UTC
To: Stephen Hemminger; +Cc: wang dengyi, David S. Miller, bridge, netdev

On Thu, Aug 30, 2007 at 12:22:58PM -0700, Stephen Hemminger wrote:
> This patch fixes some packet leakage in bridge. The bridging code
> was allowing forward table entries to be generated even if a device
> was being blocked. The fix is to not add forwarding database entries
> unless the port is active.

Seems reasonable -- ACK

John
--
John W. Linville
linville@tuxdriver.com
* Re: [PATCH] bridge: packets leaking out of disabled/blocked ports
From: David Miller @ 2007-08-31 5:15 UTC
To: linville; +Cc: shemminger, dy_wang, bridge, netdev

From: "John W. Linville" <linville@tuxdriver.com>
Date: Thu, 30 Aug 2007 16:03:13 -0400

> On Thu, Aug 30, 2007 at 12:22:58PM -0700, Stephen Hemminger wrote:
> > This patch fixes some packet leakage in bridge. The bridging code
> > was allowing forward table entries to be generated even if a device
> > was being blocked. The fix is to not add forwarding database entries
> > unless the port is active.
>
> Seems reasonable -- ACK

Applied, thanks.