Add bridge fix from Steve Hemminger.
authorChris Wright <chrisw@osdl.org>
Wed, 8 Jun 2005 22:31:41 +0000 (15:31 -0700)
committerChris Wright <chrisw@osdl.org>
Wed, 8 Jun 2005 22:31:41 +0000 (15:31 -0700)
queue/bridge-fdb-postfilter.patch [new file with mode: 0644]
queue/series

diff --git a/queue/bridge-fdb-postfilter.patch b/queue/bridge-fdb-postfilter.patch
new file mode 100644 (file)
index 0000000..a70f639
--- /dev/null
@@ -0,0 +1,52 @@
+From shemminger@osdl.org  Wed Jun  8 09:30:09 2005
+Date: Wed, 8 Jun 2005 09:30:09 -0700
+From: Stephen Hemminger <shemminger@osdl.org>
+To: Chris Wright <chrisw@osdl.org>
+Subject: [PATCH] [BRIDGE]: prevent bad forwarding table updates
+
+Avoid poisoning of the bridge forwarding table by frames that have been
+dropped by filtering. This prevents spoofed source addresses on hostile
+side of bridge from causing packet leakage, a small but possible security
+risk.
+
+Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+
+Index: 2.6.11.11-net/net/bridge/br_input.c
+===================================================================
+--- 2.6.11.11-net.orig/net/bridge/br_input.c
++++ 2.6.11.11-net/net/bridge/br_input.c
+@@ -54,6 +54,9 @@ int br_handle_frame_finish(struct sk_buf
+       struct net_bridge_fdb_entry *dst;
+       int passedup = 0;
++      /* insert into forwarding database after filtering to avoid spoofing */
++      br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+       if (br->dev->flags & IFF_PROMISC) {
+               struct sk_buff *skb2;
+@@ -108,8 +111,7 @@ int br_handle_frame(struct net_bridge_po
+       if (eth_hdr(skb)->h_source[0] & 1)
+               goto err;
+-      if (p->state == BR_STATE_LEARNING ||
+-          p->state == BR_STATE_FORWARDING)
++      if (p->state == BR_STATE_LEARNING)
+               br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
+       if (p->br->stp_enabled &&
+Index: 2.6.11.11-net/net/bridge/br_stp_bpdu.c
+===================================================================
+--- 2.6.11.11-net.orig/net/bridge/br_stp_bpdu.c
++++ 2.6.11.11-net/net/bridge/br_stp_bpdu.c
+@@ -140,6 +140,9 @@ int br_stp_handle_bpdu(struct sk_buff *s
+       struct net_bridge *br = p->br;
+       unsigned char *buf;
++      /* insert into forwarding database after filtering to avoid spoofing */
++      br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+       /* need at least the 802 and STP headers */
+       if (!pskb_may_pull(skb, sizeof(header)+1) ||
+           memcmp(skb->data, header, sizeof(header)))
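Review bot: In the second br_input.c hunk the remaining `br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);` for BR_STATE_LEARNING still runs in br_handle_frame, i.e. ahead of the filtering step that the new comment in br_handle_frame_finish refers to, so addresses seen while a port is learning are entered unfiltered; that is presumably acceptable because a learning port forwards nothing, but nothing in the patch says so. I would put `/* learning-state entries are added pre-filter: the port forwards nothing here */` above that insert so the asymmetry with the post-filter inserts is deliberate rather than an apparent leftover. In br_handle_frame_finish and br_stp_handle_bpdu the new insert sits directly under the local declarations with the blank line after it; moving the blank line above the comment would match the usual declarations-then-blank layout of the surrounding code. All three enclosing functions start and end outside the hunks, so the actual filtering call site is not visible in this patch.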
index bca985e97b5a3ceab1ad55557a8102d582bd4068..6707ce90af65c86b7f2f6f7a8d76cbcf07f38210 100644 (file)
@@ -5,3 +5,4 @@ x86_64-avoid-SMP-bootup-race.patch
 x86_64-fix-ptrace-boundary-check.patch
 bttv-vc100.patch
 fix-log_do_checkpoint-assertion-failure.patch
+bridge-fdb-postfilter.patch