Add bridge netfilter w/ipv6 fix (randomly dropping packets), fwd from DaveM

author Chris Wright <chrisw@redhat.com>

Wed, 21 Dec 2005 19:49:40 +0000 (11:49 -0800)

committer Chris Wright <chrisw@redhat.com>

Wed, 21 Dec 2005 19:49:40 +0000 (11:49 -0800)
author Chris Wright <chrisw@redhat.com>
Wed, 21 Dec 2005 19:49:40 +0000 (11:49 -0800)
committer Chris Wright <chrisw@redhat.com>
Wed, 21 Dec 2005 19:49:40 +0000 (11:49 -0800)
diff --git a/queue/fix-bridge-nf-ipv6-length-check.patch b/queue/fix-bridge-nf-ipv6-length-check.patch

new file mode 100644 (file)

index 0000000..a5a0850
--- /dev/null
+++ b/queue/fix-bridge-nf-ipv6-length-check.patch
@@ -0,0 +1,61 @@
+From stable-bounces@linux.kernel.org  Mon Dec 19 17:03:09 2005
+Date: Mon, 19 Dec 2005 17:00:13 -0800 (PST)
+Message-Id: <20051219.170013.123451098.davem@davemloft.net>
+To: stable@kernel.org
+From: "David S. Miller" <davem@davemloft.net>
+Subject: [BRIDGE-NF]: Fix bridge-nf ipv6 length check 
+
+From: Bart De Schuymer <bdschuym@pandora.be>
+
+A typo caused some bridged IPv6 packets to get dropped randomly,
+as reported by Sebastien Chaumontet. The patch below fixes this
+(using skb->nh.raw instead of raw) and also makes the jumbo packet
+length checking up-to-date with the code in
+net/ipv6/exthdrs.c::ipv6_hop_jumbo.
+
+Signed-off-by: Bart De Schuymer <bdschuym@pandora.be>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Chris Wright <chrisw@redhat.com>
+---
+
+ net/bridge/br_netfilter.c |   17 +++++++----------
+ 1 files changed, 7 insertions(+), 10 deletions(-)
+
+Index: linux-2.6.14.y/net/bridge/br_netfilter.c
+===================================================================
+--- linux-2.6.14.y.orig/net/bridge/br_netfilter.c
++++ linux-2.6.14.y/net/bridge/br_netfilter.c
+@@ -295,7 +295,7 @@ static int check_hbh_len(struct sk_buff 
+       len -= 2;
+ 
+       while (len > 0) {
+-              int optlen = raw[off+1]+2;
++              int optlen = skb->nh.raw[off+1]+2;
+ 
+               switch (skb->nh.raw[off]) {
+               case IPV6_TLV_PAD0:
+@@ -308,18 +308,15 @@ static int check_hbh_len(struct sk_buff 
+               case IPV6_TLV_JUMBO:
+                       if (skb->nh.raw[off+1] != 4 || (off&3) != 2)
+                               goto bad;
+-
+                       pkt_len = ntohl(*(u32*)(skb->nh.raw+off+2));
+-
++                      if (pkt_len <= IPV6_MAXPLEN ||
++                          skb->nh.ipv6h->payload_len)
++                              goto bad;
+                       if (pkt_len > skb->len - sizeof(struct ipv6hdr))
+                               goto bad;
+-                      if (pkt_len + sizeof(struct ipv6hdr) < skb->len) {
+-                              if (__pskb_trim(skb,
+-                                  pkt_len + sizeof(struct ipv6hdr)))
+-                                      goto bad;
+-                              if (skb->ip_summed == CHECKSUM_HW)
+-                                      skb->ip_summed = CHECKSUM_NONE;
+-                      }
++                      if (pskb_trim_rcsum(skb,
++                          pkt_len+sizeof(struct ipv6hdr)))
++                              goto bad;
+                       break;
+               default:
+                       if (optlen > len)
diff --git a/queue/series b/queue/series

index ec12f8d325fd119022c17bcfcf684b860e67a18a..f1fea1361d869d9ddb14dab1e49df5699e8b869e 100644 (file)
--- a/queue/series
+++ b/queue/series
@@ -9,3 +9,4 @@ fix-vlan-checksumming.patch
  fix-nat-init-order.patch
  fix-incorrect-dependency-for-IP6_NF_TARGET_NFQUEUE.patch
  rtnetlink-fix-RTNLGRP-definitions-in-rtnetlink.h.patch
+fix-bridge-nf-ipv6-length-check.patch
author	Chris Wright <chrisw@redhat.com>
	Wed, 21 Dec 2005 19:49:40 +0000 (11:49 -0800)
committer	Chris Wright <chrisw@redhat.com>
	Wed, 21 Dec 2005 19:49:40 +0000 (11:49 -0800)
queue/fix-bridge-nf-ipv6-length-check.patch	[new file with mode: 0644]	patch \| blob
queue/series		patch \| blob \| blame \| history