Message ID | 20110513125314.66861b31@nehalam |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Le vendredi 13 mai 2011 à 12:53 -0700, Stephen Hemminger a écrit : > The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e > bridge: Reset IPCB when entering IP stack on NF_FORWARD > broke forwarding of IPV6 packets in bridge because it would > call bp_parse_ip_options with an IPV6 packet. > > Reported-by: Noah Meyerhans <noahm@debian.org> > Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> > > --- > Patch against net-next-2.6 but must be applied to net-2.6 > and stable as well > Well, stable is not needed, since faulty commit is not in 2.6.38 Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Eric Dumazet <eric.dumazet@gmail.com> Date: Fri, 13 May 2011 22:00:44 +0200 > Le vendredi 13 mai 2011 à 12:53 -0700, Stephen Hemminger a écrit : >> The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e >> bridge: Reset IPCB when entering IP stack on NF_FORWARD >> broke forwarding of IPV6 packets in bridge because it would >> call bp_parse_ip_options with an IPV6 packet. >> >> Reported-by: Noah Meyerhans <noahm@debian.org> >> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> >> >> --- >> Patch against net-next-2.6 but must be applied to net-2.6 >> and stable as well >> > > Well, stable is not needed, since faulty commit is not in 2.6.38 > > Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> I do need to queue it up for -stable because the faulty commit is also queued up there :-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Stephen Hemminger <shemminger@vyatta.com> Date: Fri, 13 May 2011 12:53:14 -0700 > The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e > bridge: Reset IPCB when entering IP stack on NF_FORWARD > broke forwarding of IPV6 packets in bridge because it would > call bp_parse_ip_options with an IPV6 packet. > > Reported-by: Noah Meyerhans <noahm@debian.org> > Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> > > --- > Patch against net-next-2.6 but must be applied to net-2.6 > and stable as well Applied and queued up for -stable, thanks! -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le vendredi 13 mai 2011 à 16:02 -0400, David Miller a écrit : > I do need to queue it up for -stable because the faulty commit is > also queued up there :-) okay ;) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 13 May 2011 16:02:32 -0400 (EDT) David Miller <davem@davemloft.net> wrote: > From: Eric Dumazet <eric.dumazet@gmail.com> > Date: Fri, 13 May 2011 22:00:44 +0200 > > > Le vendredi 13 mai 2011 à 12:53 -0700, Stephen Hemminger a écrit : > >> The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e > >> bridge: Reset IPCB when entering IP stack on NF_FORWARD > >> broke forwarding of IPV6 packets in bridge because it would > >> call bp_parse_ip_options with an IPV6 packet. > >> > >> Reported-by: Noah Meyerhans <noahm@debian.org> > >> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> > >> > >> --- > >> Patch against net-next-2.6 but must be applied to net-2.6 > >> and stable as well > >> > > > > Well, stable is not needed, since faulty commit is not in 2.6.38 > > > > Reviewed-by: Eric Dumazet <eric.dumazet@gmail.com> > > I do need to queue it up for -stable because the faulty commit is > also queued up there :-) The faulty commit was in 2.6.38.4 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, May 13, 2011 at 12:53:14PM -0700, Stephen Hemminger wrote: > The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e > bridge: Reset IPCB when entering IP stack on NF_FORWARD > broke forwarding of IPV6 packets in bridge because it would > call bp_parse_ip_options with an IPV6 packet. > > Reported-by: Noah Meyerhans <noahm@debian.org> > Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> > > --- > Patch against net-next-2.6 but must be applied to net-2.6 > and stable as well > > --- a/net/bridge/br_netfilter.c 2011-05-13 12:37:30.289646958 -0700 > +++ b/net/bridge/br_netfilter.c 2011-05-13 12:38:07.820333938 -0700 > @@ -737,7 +737,7 @@ static unsigned int br_nf_forward_ip(uns > nf_bridge->mask |= BRNF_PKT_TYPE; > } > > - if (br_parse_ip_options(skb)) > + if (pf == PF_INET && br_parse_ip_options(skb)) > return NF_DROP; > > /* The physdev module checks on this */ > I can confirm that this patch fixes the behavior I've been seeing in the stable-2.6.38.y tree. Thank you, Stephen! noah
--- a/net/bridge/br_netfilter.c 2011-05-13 12:37:30.289646958 -0700 +++ b/net/bridge/br_netfilter.c 2011-05-13 12:38:07.820333938 -0700 @@ -737,7 +737,7 @@ static unsigned int br_nf_forward_ip(uns nf_bridge->mask |= BRNF_PKT_TYPE; } - if (br_parse_ip_options(skb)) + if (pf == PF_INET && br_parse_ip_options(skb)) return NF_DROP; /* The physdev module checks on this */
The commit 6b1e960fdbd75dcd9bcc3ba5ff8898ff1ad30b6e bridge: Reset IPCB when entering IP stack on NF_FORWARD broke forwarding of IPV6 packets in bridge because it would call bp_parse_ip_options with an IPV6 packet. Reported-by: Noah Meyerhans <noahm@debian.org> Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> --- Patch against net-next-2.6 but must be applied to net-2.6 and stable as well