From: Florian Westphal <fw@strlen.de>
To: netfilter-devel@vger.kernel.org
Cc: bsd@redhat.com, stephen@networkplumber.org,
netdev@cger.kernel.org, herbert@gondor.apana.org.au,
eric.dumazet@gmail.com, davidn@davidnewall.com,
Florian Westphal <fw@strlen.de>
Subject: [PATCH nf next 1/3] bridge: prepend inet_skb_param dummy to bridge cb
Date: Sat, 4 Oct 2014 03:04:28 +0200
Message-ID: <1412384670-17794-2-git-send-email-fw@strlen.de>
In-Reply-To: <1412384670-17794-1-git-send-email-fw@strlen.de>

bridge can make upcalls into the ip stack, especially
when bridge netfilter is involved, we can end up calling ip_fragment().

IPv4 functions, however, may (rightfully) depend on skb->cb[]
containing the IPCB area, where e.g. earlier-parsed ip options
reside.

However, since bridge has its own cb area, this has caused several
crashes in the past, and several call sites in br_netfilter since
zero ->cb again before invoking netfilter hooks.

We've tried to cure these in the past by applying memsets of skb->cb
where needed, and parsing ip options within the bridge layer.

This isn't such a great idea since we e.g. lose max fragment size
information stored there via ipv4 defrag.

Also, since 462fb2af9788a82 (bridge : Sanitize skb before it enters the IP
stack) bridge handling of received packets with ipv4 options is broken
in different ways (crash, then discarding of such packets).

This patch, originally proposed by Eric Dumazet, prepends
inet_skb_param padding so IPCB contents will be preserved (e.g.
ipv4 defrag info).

This is a first step in fixing handling of ipv4 packets with options.

br_input_skb_cb is now exactly 48 bytes.

Cc: Bandan Das <bsd@redhat.com>
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/bridge/br.c | 2 ++
net/bridge/br_private.h | 6 ++++++
2 files changed, 8 insertions(+)
diff --git a/net/bridge/br.c b/net/bridge/br.c
index 44425af..4ee730e 100644
--- a/net/bridge/br.c
+++ b/net/bridge/br.c
@@ -147,6 +147,8 @@ static int __init br_init(void)
{
int err;
+ BUILD_BUG_ON(sizeof(struct br_input_skb_cb) > FIELD_SIZEOF(struct sk_buff, cb));
+
err = stp_proto_register(&br_stp_proto);
if (err < 0) {
pr_err("bridge: can't register sap for STP\n");
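Review bot: the BUILD_BUG_ON in br_init() only bounds sizeof(struct br_input_skb_cb) against the size of skb->cb; it does not assert the layout property the patch depends on, namely that the inet parameter union sits at offset 0 so that IPCB contents land inside it. Consider adding BUILD_BUG_ON(offsetof(struct br_input_skb_cb, inet_parm) != 0) next to it, so a later reordering of the struct fails the build instead of letting bridge fields overlap IPCB data again. With the struct at exactly 48 bytes per the commit message there is no headroom left, so it is also worth saying in a comment that any new field will trip this check.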
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index f53592f..559938f 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -19,6 +19,8 @@
#include <linux/u64_stats_sync.h>
#include <net/route.h>
#include <linux/if_vlan.h>
+#include <linux/ipv6.h>
+#include <net/ip.h>
#define BR_HASH_BITS 8
#define BR_HASH_SIZE (1 << BR_HASH_BITS)
@@ -304,6 +306,10 @@ struct net_bridge
};
struct br_input_skb_cb {
+ union {
+ struct inet_skb_parm inet4_parm;
+ struct inet6_skb_parm inet6_param;
+ } inet_parm;
struct net_device *brdev;
#ifdef CONFIG_BRIDGE_IGMP_SNOOPING
int igmp;
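Review bot: the union added at the top of struct br_input_skb_cb has inconsistent member names (inet4_parm next to inet6_param) and carries no comment saying it is padding that must remain the first member. Nothing in the visible hunks accesses these members by name, so a short comment such as "must be first: preserves IPCB/IP6CB contents" would keep someone from moving brdev above it later, and both members should use the same "parm" spelling as the struct types they wrap.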
--
2.0.4