From patchwork Wed Jun 8 15:18:17 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Cavallari X-Patchwork-Id: 99450 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 05052B6FC5 for ; Thu, 9 Jun 2011 01:22:58 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756532Ab1FHPWv (ORCPT ); Wed, 8 Jun 2011 11:22:51 -0400 Received: from smtp1.u-psud.fr ([129.175.33.41]:57944 "EHLO smtp1.u-psud.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756294Ab1FHPWu (ORCPT ); Wed, 8 Jun 2011 11:22:50 -0400 X-Greylist: delayed 336 seconds by postgrey-1.27 at vger.kernel.org; Wed, 08 Jun 2011 11:22:49 EDT Received: from smtp1.u-psud.fr (localhost [127.0.0.1]) by localhost (MTA) with SMTP id 52350256326; Wed, 8 Jun 2011 17:16:56 +0200 (CEST) Received: from lri.lri.fr (lri.lri.fr [129.175.15.1]) by smtp1.u-psud.fr (MTA) with ESMTP id 321C72562E4; Wed, 8 Jun 2011 17:16:56 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by lri.lri.fr (Postfix) with ESMTP id 33F7920B22; Wed, 8 Jun 2011 17:16:56 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at lri.fr Received: from lri.lri.fr ([127.0.0.1]) by localhost (lri.lri.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U0QwVjRY7k-S; Wed, 8 Jun 2011 17:16:56 +0200 (CEST) Received: from pc11-132.lri.fr (pc11-132 [129.175.11.132]) by lri.lri.fr (Postfix) with ESMTP id 1F43D1FD75; Wed, 8 Jun 2011 17:16:56 +0200 (CEST) Received: by pc11-132.lri.fr (Postfix, from userid 0) id C95E24587D; Wed, 8 Jun 2011 17:18:17 +0200 (CEST) From: Nicolas Cavallari To: Patrick McHardy Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org Subject: [PATCH] netfilter: fix looped (broad|multi)cast's bogus MACs in NFQUEUE Message-Id: <20110608151817.C95E24587D@pc11-132.lri.fr> Date: Wed, 8 Jun 2011 17:18:17 +0200 (CEST) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org By default, when broadcast or multicast packet are sent from a local application, they are sent to the interface then looped by the kernel to other local applications, going throught netfilter hooks in the process. These looped packet have their MAC header removed from the skb by the kernel looping code. This confuse netfilter's netlink queue because it tries to extract a hardware address from these packets, but extracts a part of the IP header instead. This patch prevent NFQUEUE to include a MAC header in the netlink message if there is none. Signed-off-by: Nicolas Cavallari --- To reproduce the bug, run libnetfilter_queue's nfqnl_test.c and add some iptables -j NFQUEUE rule in PREROUTING. Then, either ping -b 255.255.255.255 or ping nonexistenthost.local (if avahi or another multicast dns client is configured) If you see MAC addresses like 40:00:ff:11:0d::70 (for mdns) or 00:00:80:11:70:62 then you can see that they match this part of the packet's ip header : |flags| fragment offset| |ttl| protocol| checksum | patch done against 2.6.39.1 but should also apply to nf-next --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- linux-2.6.39.1/net/netfilter/nfnetlink_queue.c 2011-06-08 14:43:41.188003302 +0200 +++ linux-2.6.39.1/net/netfilter/nfnetlink_queue.c 2011-06-08 14:46:10.892003541 +0200 @@ -335,7 +335,8 @@ nfqnl_build_packet_message(struct nfqnl_ if (entskb->mark) NLA_PUT_BE32(skb, NFQA_MARK, htonl(entskb->mark)); - if (indev && entskb->dev) { + if (indev && entskb->dev && + entskb->network_header != entskb->mac_header) { struct nfqnl_msg_packet_hw phw; int len = dev_parse_header(entskb, phw.hw_addr); if (len) {