[BRIDGE] netfilter: vlan + hw checksum = bug?

It looks like the bridge netfilter code does not correctly update the hardware checksum after popping off the VLAN header. This is by inspection, I have *not* tested this. To test you would need to set up a filtering bridge with vlans and a device the does hardware receive checksum (skge, or sungem) Signed-off-by: Stephen Hemminger <shemminger@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-01-06 13:13:29 -08:00 · 2006-01-06 13:13:29 -08:00 · ee02b3a613
commit ee02b3a613
parent a20a855479
1 changed files with 9 additions and 4 deletions
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@ -394,7 +394,8 @@ inhdr_error:
 * target in particular.  Save the original destination IP
 * address to be able to detect DNAT afterwards. */
 static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
-   const struct net_device *in, const struct net_device *out,
+				      const struct net_device *in,
 				      const struct net_device *out,
 				      int (*okfn)(struct sk_buff *))
 {
 	struct iphdr *iph;
@ -412,8 +413,10 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
 			goto out;
 		if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
 			u8 *vhdr = skb->data;
 			skb_pull(skb, VLAN_HLEN);
-			(skb)->nh.raw += VLAN_HLEN;
+			skb_postpull_rcsum(skb, vhdr, VLAN_HLEN);
 			skb->nh.raw += VLAN_HLEN;
 		}
 		return br_nf_pre_routing_ipv6(hook, skb, in, out, okfn);
 	}
@ -429,8 +432,10 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb,
 		goto out;
 	if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
 		u8 *vhdr = skb->data;
 		skb_pull(skb, VLAN_HLEN);
-		(skb)->nh.raw += VLAN_HLEN;
+		skb_postpull_rcsum(skb, vhdr, VLAN_HLEN);
 		skb->nh.raw += VLAN_HLEN;
 	}
 	if (!pskb_may_pull(skb, sizeof(struct iphdr)))