* Re: [Bug 16572] random panics in bridging on 2.6.34+ [not found] ` <20110318081052.6ca134fb@nehalam> @ 2011-03-18 15:27 ` Herbert Xu 2011-03-18 16:03 ` Stephen Hemminger 0 siblings, 1 reply; 3+ messages in thread From: Herbert Xu @ 2011-03-18 15:27 UTC (permalink / raw) To: Stephen Hemminger, David S. Miller, netdev; +Cc: bugzilla-daemon On Fri, Mar 18, 2011 at 08:10:52AM -0700, Stephen Hemminger wrote: > On Fri, 18 Mar 2011 13:49:03 GMT > bugzilla-daemon@bugzilla.kernel.org wrote: > > > https://bugzilla.kernel.org/show_bug.cgi?id=16572 > > Herbert hasn't submitted the patch upstream. Oops! Thanks for reminding me. bridge: Reset IPCB when entering IP stack on NF_FORWARD Whenever we enter the IP stack proper from bridge netfilter we need to ensure that the skb is in a form the IP stack expects it to be in. The entry point on NF_FORWARD did not meet the requirements of the IP stack, therefore leading to potential crashes/panics. This patch fixes the problem. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 865fd76..7e9b167 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -752,6 +752,9 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb, nf_bridge->mask |= BRNF_PKT_TYPE; } + if (br_parse_ip_options(skb)) + return NF_DROP; + /* The physdev module checks on this */ nf_bridge->mask |= BRNF_BRIDGED; nf_bridge->physoutdev = skb->dev; Cheers, -- Email: Herbert Xu <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Bug 16572] random panics in bridging on 2.6.34+ 2011-03-18 15:27 ` [Bug 16572] random panics in bridging on 2.6.34+ Herbert Xu @ 2011-03-18 16:03 ` Stephen Hemminger 2011-03-18 22:17 ` David Miller 0 siblings, 1 reply; 3+ messages in thread From: Stephen Hemminger @ 2011-03-18 16:03 UTC (permalink / raw) To: Herbert Xu; +Cc: David S. Miller, netdev, bugzilla-daemon On Fri, 18 Mar 2011 10:27:28 -0500 Herbert Xu <herbert@gondor.hengli.com.au> wrote: > On Fri, Mar 18, 2011 at 08:10:52AM -0700, Stephen Hemminger wrote: > > On Fri, 18 Mar 2011 13:49:03 GMT > > bugzilla-daemon@bugzilla.kernel.org wrote: > > > > > https://bugzilla.kernel.org/show_bug.cgi?id=16572 > > > > Herbert hasn't submitted the patch upstream. > > Oops! Thanks for reminding me. > > bridge: Reset IPCB when entering IP stack on NF_FORWARD > > Whenever we enter the IP stack proper from bridge netfilter we > need to ensure that the skb is in a form the IP stack expects > it to be in. > > The entry point on NF_FORWARD did not meet the requirements of > the IP stack, therefore leading to potential crashes/panics. > > This patch fixes the problem. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Stephen Hemminger <shemminger@vyatta.com> ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Bug 16572] random panics in bridging on 2.6.34+ 2011-03-18 16:03 ` Stephen Hemminger @ 2011-03-18 22:17 ` David Miller 0 siblings, 0 replies; 3+ messages in thread From: David Miller @ 2011-03-18 22:17 UTC (permalink / raw) To: shemminger; +Cc: herbert, netdev, bugzilla-daemon From: Stephen Hemminger <shemminger@linux-foundation.org> Date: Fri, 18 Mar 2011 09:03:38 -0700 > On Fri, 18 Mar 2011 10:27:28 -0500 > Herbert Xu <herbert@gondor.hengli.com.au> wrote: > >> On Fri, Mar 18, 2011 at 08:10:52AM -0700, Stephen Hemminger wrote: >> > On Fri, 18 Mar 2011 13:49:03 GMT >> > bugzilla-daemon@bugzilla.kernel.org wrote: >> > >> > > https://bugzilla.kernel.org/show_bug.cgi?id=16572 >> > >> > Herbert hasn't submitted the patch upstream. >> >> Oops! Thanks for reminding me. >> >> bridge: Reset IPCB when entering IP stack on NF_FORWARD >> >> Whenever we enter the IP stack proper from bridge netfilter we >> need to ensure that the skb is in a form the IP stack expects >> it to be in. >> >> The entry point on NF_FORWARD did not meet the requirements of >> the IP stack, therefore leading to potential crashes/panics. >> >> This patch fixes the problem. >> >> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > Acked-by: Stephen Hemminger <shemminger@vyatta.com> Applied. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-03-18 22:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <bug-16572-100@https.bugzilla.kernel.org/>
[not found] ` <201103181349.p2IDn3Qm024329@demeter2.kernel.org>
[not found] ` <20110318081052.6ca134fb@nehalam>
2011-03-18 15:27 ` [Bug 16572] random panics in bridging on 2.6.34+ Herbert Xu
2011-03-18 16:03 ` Stephen Hemminger
2011-03-18 22:17 ` David Miller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).