From: Chris Wright Date: Wed, 8 Jun 2005 22:31:41 +0000 (-0700) Subject: Add bridge fix from Steve Hemminger. X-Git-Tag: v2.6.11.12~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d1b0fc6baab177900e365ef4c3d4b0eee7cda745;p=thirdparty%2Fkernel%2Fstable-queue.git Add bridge fix from Steve Hemminger.
---
diff --git a/queue/bridge-fdb-postfilter.patch b/queue/bridge-fdb-postfilter.patch
new file mode 100644
index 00000000000..a70f639cafc
--- /dev/null
+++ b/queue/bridge-fdb-postfilter.patch
@@ -0,0 +1,52 @@
+From shemminger@osdl.org Wed Jun 8 09:30:09 2005
+Date: Wed, 8 Jun 2005 09:30:09 -0700
+From: Stephen Hemminger
+To: Chris Wright
+Subject: [PATCH] [BRIDGE]: prevent bad forwarding table updates
+
+Avoid poisoning of the bridge forwarding table by frames that have been
+dropped by filtering. This prevents spoofed source addresses on hostile
+side of bridge from causing packet leakage, a small but possible security
+risk.
+
+Signed-off-by: Stephen Hemminger
+Signed-off-by: Chris Wright
+
+Index: 2.6.11.11-net/net/bridge/br_input.c
+===================================================================
+--- 2.6.11.11-net.orig/net/bridge/br_input.c
++++ 2.6.11.11-net/net/bridge/br_input.c
+@@ -54,6 +54,9 @@ int br_handle_frame_finish(struct sk_buf
+ struct net_bridge_fdb_entry *dst;
+ int passedup = 0;
+
++ /* insert into forwarding database after filtering to avoid spoofing */
++ br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+ if (br->dev->flags & IFF_PROMISC) {
+ struct sk_buff *skb2;
+
+@@ -108,8 +111,7 @@ int br_handle_frame(struct net_bridge_po
+ if (eth_hdr(skb)->h_source[0] & 1)
+ goto err;
+
+- if (p->state == BR_STATE_LEARNING ||
+- p->state == BR_STATE_FORWARDING)
++ if (p->state == BR_STATE_LEARNING)
+ br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
+
+ if (p->br->stp_enabled &&
+Index: 2.6.11.11-net/net/bridge/br_stp_bpdu.c
+===================================================================
+--- 2.6.11.11-net.orig/net/bridge/br_stp_bpdu.c
++++ 2.6.11.11-net/net/bridge/br_stp_bpdu.c
+@@ -140,6 +140,9 @@ int br_stp_handle_bpdu(struct sk_buff *s
+ struct net_bridge *br = p->br;
+ unsigned char *buf;
+
++ /* insert into forwarding database after filtering to avoid spoofing */
++ br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
++
+ /* need at least the 802 and STP headers */
+ if (!pskb_may_pull(skb, sizeof(header)+1) ||
+ memcmp(skb->data, header, sizeof(header)))
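Review bot: The br_handle_frame hunk keeps an unfiltered br_fdb_insert() for ports in BR_STATE_LEARNING, so the post-filter learning this patch introduces only covers FORWARDING ports; a spoofed source address seen while the port is still learning is entered into the table before any filter runs and, unless it ages out first, is presumably still there once the port moves to forwarding. If that residual window is accepted, the branch deserves a comment saying so, e.g. `/* LEARNING ports learn before filtering; FORWARDING ports learn in br_handle_frame_finish and br_stp_handle_bpdu after the filter hooks */`. In the br_stp_handle_bpdu hunk the new br_fdb_insert() also runs before the pskb_may_pull()/header check, so a frame that reached this handler but fails that check still updates the table; moving the call below the check would tie learning to frames the function actually accepts. All three modified functions start and end outside these hunks, so whether any path between the STP check and the filter hook still relies on the removed FORWARDING-state learning could not be verified here.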
diff --git a/queue/series b/queue/series
index bca985e97b5..6707ce90af6 100644
--- a/queue/series
+++ b/queue/series
@@ -5,3 +5,4 @@ x86_64-avoid-SMP-bootup-race.patch
 x86_64-fix-ptrace-boundary-check.patch
 bttv-vc100.patch
 fix-log_do_checkpoint-assertion-failure.patch
+bridge-fdb-postfilter.patch