[BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter

The bridge netfilter code attaches a fake dst_entry with a pointer to a fake net_device structure to skbs it passes up to IPv4 netfilter. This leads to crashes when the skb is passed to __ip_route_output_key when dereferencing the namespace pointer. Since bridging can currently only operate in the init_net namespace, the easiest fix for now is to initialize the nd_net pointer of the fake net_device struct to &init_net. Should fix bugzilla 10323: http://bugzilla.kernel.org/show_bug.cgi?id=10323 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
mariux64 · Apr 14, 2008 · 159d833 · 159d833
1 parent 4dee959
commit 159d833
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
@@ -110,7 +110,8 @@ static inline __be16 pppoe_proto(const struct sk_buff *skb)
  * ipt_REJECT needs it.  Future netfilter modules might
  * require us to fill additional fields. */
 static struct net_device __fake_net_device = {
-	.hard_header_len	= ETH_HLEN
+	.hard_header_len	= ETH_HLEN,
+	.nd_net			= &init_net,
 };
 
 static struct rtable __fake_rtable = {