iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d7b5974215
linux/net/bridge
History
Florian Westphal d7b5974215 netfilter: bridge: restore vlan tag when refragmenting 
If bridge netfilter is used with both
bridge-nf-call-iptables and bridge-nf-filter-vlan-tagged enabled
then ip fragments in VLAN frames are sent without the vlan header.

This has never worked reliably.  Turns out this relied on pre-3.5
behaviour where skb frag_list was used to store ip fragments;
ip_fragment() then re-used these skbs.

But since commit 3cc4949269
("ipv4: use skb coalescing in defragmentation") this is no longer
the case.  ip_do_fragment now needs to allocate new skbs, but these
don't contain the vlan tag information anymore.

Fix it by storing vlan information of the ressembled skb in the
br netfilter percpu frag area, and restore them for each of the
fragments.

Fixes: 3cc4949269 ("ipv4: use skb coalescing in defragmentation")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-06-12 14:16:55 +02:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-01 22:51:30 -07:00
br_device.c netfilter: bridge: use rcu hook to resolve br_netfilter dependency 2015-03-10 15:03:02 +01:00
br_fdb.c bridge: make br_fdb_delete also check if the port matches 2015-06-10 21:58:13 -07:00
br_forward.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
br_if.c bridge: reset bridge mtu after deleting an interface 2015-03-14 19:12:38 -04:00
br_input.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
br_ioctl.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_mdb.c bridge/mdb: remove wrong use of NLM_F_MULTI 2015-04-29 14:59:16 -04:00
br_multicast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-06-01 22:51:30 -07:00
br_netfilter.c netfilter: bridge: restore vlan tag when refragmenting 2015-06-12 14:16:55 +02:00
br_netlink.c bridge: revert br_dellink change back to original 2015-05-12 18:43:55 -04:00
br_nf_core.c net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_private.h netfilter: bridge: forward IPv6 fragmented packets 2015-06-12 14:10:12 +02:00
br_stp_bpdu.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
br_stp_if.c net: bridge: add a br_set_state helper function 2014-10-01 22:03:50 -04:00
br_stp_timer.c bridge: fix lockdep splat 2015-05-22 16:23:56 -04:00
br_stp.c switchdev: don't use anonymous union on switchdev attr/obj structs 2015-05-13 14:20:59 -04:00
br_sysfs_br.c bridge: Add a default_pvid sysfs attribute 2014-10-05 21:21:36 -04:00
br_sysfs_if.c bridge: Extend Proxy ARP design to allow optional rules for Wi-Fi 2015-03-05 14:52:23 -05:00
br_vlan.c net: rename vlan_tx_* helpers since "tx" is misleading there 2015-01-13 17:51:08 -05:00
br.c switchdev: s/netdev_switch_/switchdev_/ and s/NETDEV_SWITCH_/SWITCHDEV_/ 2015-05-12 18:43:52 -04:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile netfilter: bridge: build br_nf_core only if required 2014-09-30 14:07:51 -04:00