Skip to content

Commit

Permalink
bridge: Reset IPCB when entering IP stack on NF_FORWARD
Browse files Browse the repository at this point in the history 
Whenever we enter the IP stack proper from bridge netfilter we
need to ensure that the skb is in a form the IP stack expects
it to be in.

The entry point on NF_FORWARD did not meet the requirements of
the IP stack, therefore leading to potential crashes/panics.

This patch fixes the problem.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Herbert Xu authored and David S. Miller committed Mar 18, 2011
1 parent d870bfb commit 6b1e960
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/bridge/br_netfilter.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -739,6 +739,9 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
nf_bridge->mask |= BRNF_PKT_TYPE;
}

if (br_parse_ip_options(skb))
return NF_DROP;

/* The physdev module checks on this */
nf_bridge->mask |= BRNF_BRIDGED;
nf_bridge->physoutdev = skb->dev;
Expand Down

0 comments on commit 6b1e960

Please sign in to comment.