git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Vlad Yasevich <vyasevich@gmail.com>
	Fri, 12 Sep 2014 20:26:16 +0000 (16:26 -0400)
committer	Jiri Slaby <jslaby@suse.cz>
	Fri, 17 Oct 2014 07:43:14 +0000 (09:43 +0200)
commit	6266beeee8158338a894b2ab3a477424e9631696
tree	008f2389efe43b5900df055ec9977204d4c670de	tree
parent	048b4e83910547178851bef4c47cf40d015ad9eb	commit \| diff

bridge: Check if vlan filtering is enabled only once.

[ Upstream commit 20adfa1a81af00bf2027644507ad4fa9cd2849cf ]

The bridge code checks if vlan filtering is enabled on both
ingress and egress.   When the state flip happens, it
is possible for the bridge to currently be forwarding packets
and forwarding behavior becomes non-deterministic.  Bridge
may drop packets on some interfaces, but not others.

This patch solves this by caching the filtered state of the
packet into skb_cb on ingress.  The skb_cb is guaranteed to
not be over-written between the time packet entres bridge
forwarding path and the time it leaves it.  On egress, we
can then check the cached state to see if we need to
apply filtering information.

Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

net/bridge/br_private.h		diff \| blob \| blame \| history
net/bridge/br_vlan.c		diff \| blob \| blame \| history