git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Vlad Yasevich <vyasevich@gmail.com>
	Fri, 12 Sep 2014 20:26:16 +0000 (16:26 -0400)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 15 Oct 2014 06:36:41 +0000 (08:36 +0200)
commit	00397b67016ce2895645be741a6ce8a53f8d06bc
tree	fb3d1ecfa36fd913e6e71c098e6ed9da66c17fb7	tree
parent	d7c5b263df9a794934589b372120e8043707f82e	commit \| diff

bridge: Check if vlan filtering is enabled only once.

[ Upstream commit 20adfa1a81af00bf2027644507ad4fa9cd2849cf ]

The bridge code checks if vlan filtering is enabled on both
ingress and egress.   When the state flip happens, it
is possible for the bridge to currently be forwarding packets
and forwarding behavior becomes non-deterministic.  Bridge
may drop packets on some interfaces, but not others.

This patch solves this by caching the filtered state of the
packet into skb_cb on ingress.  The skb_cb is guaranteed to
not be over-written between the time packet entres bridge
forwarding path and the time it leaves it.  On egress, we
can then check the cached state to see if we need to
apply filtering information.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/bridge/br_private.h		diff \| blob \| blame \| history
net/bridge/br_vlan.c		diff \| blob \| blame \| history