linux/net/bridge
Ido Schimmel baedbe5588 bridge: Fix incorrect re-injection of LLDP packets
Commit 8626c56c82 ("bridge: fix potential use-after-free when hook
returns QUEUE or STOLEN verdict") caused LLDP packets arriving through a
bridge port to be re-injected to the Rx path with skb->dev set to the
bridge device, but this breaks the lldpad daemon.

The lldpad daemon opens a packet socket with protocol set to ETH_P_LLDP
for any valid device on the system, which doesn't not include soft
devices such as bridge and VLAN.

Since packet sockets (ptype_base) are processed in the Rx path after the
Rx handler, LLDP packets with skb->dev set to the bridge device never
reach the lldpad daemon.

Fix this by making the bridge's Rx handler re-inject LLDP packets with
RX_HANDLER_PASS, which effectively restores the behaviour prior to the
mentioned commit.

This means netfilter will never receive LLDP packets coming through a
bridge port, as I don't see a way in which we can have okfn() consume
the packet without breaking existing behaviour. I've already carried out
a similar fix for STP packets in commit 56fae404fb ("bridge: Fix
incorrect re-injection of STP packets").

Fixes: 8626c56c82 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-25 10:53:34 -07:00
..
netfilter net: bridge: remove _deliver functions and consolidate forward code 2016-07-16 19:57:38 -07:00
br_device.c net: bridge: remove _deliver functions and consolidate forward code 2016-07-16 19:57:38 -07:00
br_fdb.c bridge: Don't insert unnecessary local fdb entry on changing mac address 2016-06-08 00:31:38 -07:00
br_forward.c net: bridge: remove _deliver functions and consolidate forward code 2016-07-16 19:57:38 -07:00
br_if.c net: bridge: add support for IGMP/MLD stats and export them via netlink 2016-06-30 06:18:24 -04:00
br_input.c bridge: Fix incorrect re-injection of LLDP packets 2016-07-25 10:53:34 -07:00
br_ioctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
br_mdb.c bridge: mdb: Marking port-group as offloaded 2016-04-24 14:23:32 -04:00
br_multicast.c net: bridge: extend MLD/IGMP query stats 2016-07-09 17:40:09 -04:00
br_netfilter_hooks.c ipv4: Fix ip_skb_dst_mtu to use the sk passed by ip_finish_output 2016-06-30 09:02:48 -04:00
br_netfilter_ipv6.c ipv6: rename IP6_INC_STATS_BH() 2016-04-27 22:48:24 -04:00
br_netlink.c net: bridge: add support for IGMP/MLD stats and export them via netlink 2016-06-30 06:18:24 -04:00
br_nf_core.c
br_private_stp.h
br_private.h net: bridge: br_set_ageing_time takes a clock_t 2016-07-25 10:30:03 -07:00
br_stp_bpdu.c netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
br_stp_if.c net: bridge: fix br_stp_enable_bridge comment 2016-07-25 10:30:03 -07:00
br_stp_timer.c net: bridge: log port STP state on change 2016-02-18 14:20:08 -05:00
br_stp.c net: bridge: br_set_ageing_time takes a clock_t 2016-07-25 10:30:03 -07:00
br_sysfs_br.c net: bridge: add support for IGMP/MLD stats and export them via netlink 2016-06-30 06:18:24 -04:00
br_sysfs_if.c bridge: a netlink notification should be sent when those attributes are changed by br_sysfs_if 2016-04-13 22:42:33 -04:00
br_vlan.c bridge: netlink: export per-vlan stats 2016-05-02 22:27:06 -04:00
br.c switchdev: Require RTNL mutex to be held when sending FDB notifications 2016-01-28 16:21:31 -08:00
Kconfig
Makefile netfilter: bridge: split ipv6 code into separated file 2015-06-18 21:14:21 +02:00