From: Pablo Neira Ayuso <pablo@netfilter.org>
To: "Linus Lüssing" <linus.luessing@c0d3.blue>
Cc: netdev@vger.kernel.org, bridge@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, coreteam@netfilter.org,
netfilter-devel@vger.kernel.org,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
"David S . Miller" <davem@davemloft.net>
Subject: Re: [PATCH net v3] bridge: ebtables: fix reception of frames DNAT-ed to bridge device/port
Date: Tue, 25 Apr 2017 11:10:22 +0200 [thread overview]
Message-ID: <20170425091022.GB2930@salvia> (raw)
In-Reply-To: <20170419194733.19006-1-linus.luessing@c0d3.blue>
On Wed, Apr 19, 2017 at 09:47:33PM +0200, Linus Lüssing wrote:
> When trying to redirect bridged frames to the bridge device itself or
> a bridge port (brouting) via the dnat target then this currently fails:
>
> The ethernet destination of the frame is dnat'ed to the MAC address of
> the bridge device or port just fine. However, the IP code drops it in
> the beginning of ip_input.c/ip_rcv() as the dnat target left
> the skb->pkt_type as PACKET_OTHERHOST.
>
> Fixing this by resetting skb->pkt_type to an appropriate type after
> dnat'ing.
Applied, thanks.
One comment below.
> @@ -18,11 +19,32 @@ static unsigned int
> ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par)
> {
> const struct ebt_nat_info *info = par->targinfo;
> + struct net_device *dev;
>
> if (!skb_make_writable(skb, 0))
> return EBT_DROP;
>
> ether_addr_copy(eth_hdr(skb)->h_dest, info->mac);
> +
> + if (is_multicast_ether_addr(info->mac)) {
> + if (is_broadcast_ether_addr(info->mac))
> + skb->pkt_type = PACKET_BROADCAST;
> + else
> + skb->pkt_type = PACKET_MULTICAST;
> + } else {
> + rcu_read_lock();
I'm going to manually remove this explicit rcu_read_lock() here, no
need to resend. We're guaranteed to run from packet path with read
side lock from netfilter hooks. So we just save some cycles from
running this unnecessary nesting.
Let me know if I'm missing anything. Thanks!
prev parent reply other threads:[~2017-04-25 9:10 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-19 19:47 [PATCH net v3] bridge: ebtables: fix reception of frames DNAT-ed to bridge device/port Linus Lüssing
2017-04-25 9:10 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170425091022.GB2930@salvia \
--to=pablo@netfilter.org \
--cc=bridge@lists.linux-foundation.org \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=linus.luessing@c0d3.blue \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).