Revision 3b2e2904deb314cc77a2192f506f2fd44e3d10d0 authored by Nikolay Aleksandrov on 11 April 2019, 10:56:39 UTC, committed by David S. Miller on 17 April 2019, 03:30:40 UTC
When the commit below was introduced it changed two visible things: - the skb was no longer passed through the protocol handlers with the original device - the skb was passed up the stack with skb->dev = bridge The first change broke af_packet sockets on bridge ports. For example we use them for hostapd which listens for ETH_P_PAE packets on the ports. We discussed two possible fixes: - create a clone and pass it through NF_HOOK(), act on the original skb based on the result - somehow signal to the caller from the okfn() that it was called, meaning the skb is ok to be passed, which this patch is trying to implement via returning 1 from the bridge link-local okfn() Note that we rely on the fact that NF_QUEUE/STOLEN would return 0 and drop/error would return < 0 thus the okfn() is called only when the return was 1, so we signal to the caller that it was called by preserving the return value from nf_hook(). Fixes: 8626c56c8279 ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict") Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 614c70f
File | Mode | Size |
---|---|---|
Kconfig | -rw-r--r-- | 3.1 KB |
Makefile | -rw-r--r-- | 1.9 KB |
asym_tpm.c | -rw-r--r-- | 22.9 KB |
asymmetric_keys.h | -rw-r--r-- | 759 bytes |
asymmetric_type.c | -rw-r--r-- | 16.2 KB |
mscode.asn1 | -rw-r--r-- | 840 bytes |
mscode_parser.c | -rw-r--r-- | 2.9 KB |
pkcs7.asn1 | -rw-r--r-- | 3.8 KB |
pkcs7_key_type.c | -rw-r--r-- | 2.4 KB |
pkcs7_parser.c | -rw-r--r-- | 16.5 KB |
pkcs7_parser.h | -rw-r--r-- | 2.3 KB |
pkcs7_trust.c | -rw-r--r-- | 4.8 KB |
pkcs7_verify.c | -rw-r--r-- | 12.8 KB |
pkcs8.asn1 | -rw-r--r-- | 559 bytes |
pkcs8_parser.c | -rw-r--r-- | 4.1 KB |
public_key.c | -rw-r--r-- | 8.1 KB |
restrict.c | -rw-r--r-- | 8.0 KB |
signature.c | -rw-r--r-- | 4.6 KB |
tpm.asn1 | -rw-r--r-- | 210 bytes |
tpm_parser.c | -rw-r--r-- | 2.2 KB |
verify_pefile.c | -rw-r--r-- | 11.4 KB |
verify_pefile.h | -rw-r--r-- | 1.2 KB |
x509.asn1 | -rw-r--r-- | 1.6 KB |
x509_akid.asn1 | -rw-r--r-- | 1.0 KB |
x509_cert_parser.c | -rw-r--r-- | 16.0 KB |
x509_parser.h | -rw-r--r-- | 2.3 KB |
x509_public_key.c | -rw-r--r-- | 6.4 KB |
Computing file changes ...