[BRIDGE]: prevent bad forwarding table updates
Avoid poisoning of the bridge forwarding table by frames that have been
dropped by filtering. This prevents spoofed source addresses on the hostile
side of the bridge from causing packet leakage, a small but possible security
risk.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stephen Hemminger authored and David S. Miller committed May 29, 2005
1 parent 81d3530 commit 85967bb
Showing 2 changed files with 7 additions and 2 deletions.
6 changes: 4 additions & 2 deletions net/bridge/br_input.c
@@ -54,6 +54,9 @@ int br_handle_frame_finish(struct sk_buff *skb)
struct net_bridge_fdb_entry *dst;
int passedup = 0;

/* insert into forwarding database after filtering to avoid spoofing */
br_fdb_update(p->br, p, eth_hdr(skb)->h_source);

if (br->dev->flags & IFF_PROMISC) {
struct sk_buff *skb2;

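Review bot: the new br_fdb_update() call in br_handle_frame_finish carries no port-state check, whereas the condition it replaces (the removed `p->state == BR_STATE_FORWARDING` test in the next hunk) was the gate for learning on forwarding ports; the safety of the new placement therefore rests on this function only being reached for ports already in forwarding state, which is not visible in the hunk, so the comment should state that invariant rather than only "after filtering". Minor style point: the function already has a `br` local (used on the next line as `br->dev->flags`), so `br_fdb_update(br, p, eth_hdr(skb)->h_source)` would be consistent with the surrounding code instead of re-deriving `p->br`.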
@@ -108,8 +111,7 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
goto err;

if (p->state == BR_STATE_LEARNING ||
p->state == BR_STATE_FORWARDING)
if (p->state == BR_STATE_LEARNING)
br_fdb_update(p->br, p, eth_hdr(skb)->h_source);

if (p->br->stp_enabled &&
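Review bot: with the condition narrowed to `p->state == BR_STATE_LEARNING`, ports in the learning state still have their source address recorded here, before any filtering has run, so the "insert after filtering" property described in the commit message holds only for the forwarding and BPDU paths; a learning port does not forward, which limits the exposure, but the reason this path intentionally keeps pre-filter learning deserves a one-line comment next to the remaining check so the asymmetry is not mistaken for an oversight later.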
3 changes: 3 additions & 0 deletions net/bridge/br_stp_bpdu.c
@@ -140,6 +140,9 @@ int br_stp_handle_bpdu(struct sk_buff *skb)
struct net_bridge *br = p->br;
unsigned char *buf;

/* insert into forwarding database after filtering to avoid spoofing */
br_fdb_update(p->br, p, eth_hdr(skb)->h_source);

/* need at least the 802 and STP headers */
if (!pskb_may_pull(skb, sizeof(header)+1) ||
memcmp(skb->data, header, sizeof(header)))
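Review bot: the added br_fdb_update() runs before the `/* need at least the 802 and STP headers */` pskb_may_pull()/memcmp() validation that follows it, so a truncated or non-STP frame that fails that check still gets its source address learned; moving the update below the header check would match the intent stated in the comment ("after filtering to avoid spoofing") more closely, since only BPDUs the function actually accepts would then populate the table. Also, this function already has `struct net_bridge *br = p->br;` two lines above, so `br_fdb_update(br, p, ...)` reads more naturally than `p->br`.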