From patchwork Thu Jun 9 13:39:08 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Cavallari X-Patchwork-Id: 99749 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id AAF15B6FE3 for ; Thu, 9 Jun 2011 23:47:59 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757919Ab1FINrw (ORCPT ); Thu, 9 Jun 2011 09:47:52 -0400 Received: from smtp1.u-psud.fr ([129.175.33.41]:57259 "EHLO smtp1.u-psud.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757641Ab1FINru (ORCPT ); Thu, 9 Jun 2011 09:47:50 -0400 X-Greylist: delayed 518 seconds by postgrey-1.27 at vger.kernel.org; Thu, 09 Jun 2011 09:47:49 EDT Received: from smtp1.u-psud.fr (localhost [127.0.0.1]) by localhost (MTA) with SMTP id DDCBF25639B; Thu, 9 Jun 2011 15:39:06 +0200 (CEST) Received: from ext.lri.fr (ext.lri.fr [129.175.15.4]) by smtp1.u-psud.fr (MTA) with ESMTP id 9D268256397; Thu, 9 Jun 2011 15:39:06 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by ext.lri.fr (Postfix) with ESMTP id 9630E3FFF2; Thu, 9 Jun 2011 15:39:06 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at lri.fr Received: from ext.lri.fr ([127.0.0.1]) by localhost (ext.lri.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DrNIe3IHhIzG; Thu, 9 Jun 2011 15:39:06 +0200 (CEST) Received: from smtp-ng.lri.fr (smtp [129.175.3.73]) by ext.lri.fr (Postfix) with ESMTP id 79B103F638; Thu, 9 Jun 2011 15:39:06 +0200 (CEST) Received: from pc11-132.lri.fr (pc11-132 [129.175.11.132]) by smtp-ng.lri.fr (Postfix) with ESMTP id 6A4936261F; Thu, 9 Jun 2011 15:39:06 +0200 (CEST) From: Nicolas Cavallari To: fw@strlen.de, kaber@trash.net, netfilter-devel@vger.kernel.org, netdev@vger.kernel.org Cc: Nicolas Cavallari Subject: [PATCH] netfilter: fix looped (broad|multi)cast's MAC handling. Date: Thu, 9 Jun 2011 15:39:08 +0200 Message-Id: <1307626748-10992-2-git-send-email-cavallar@lri.fr> X-Mailer: git-send-email 1.7.5.3 In-Reply-To: <1307626748-10992-1-git-send-email-cavallar@lri.fr> References: <20110608153032.GA26912@Chamillionaire.breakpoint.cc> <1307626748-10992-1-git-send-email-cavallar@lri.fr> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org By default, when broadcast or multicast packet are sent from a local application, they are sent to the interface then looped by the kernel to other local applications, going throught netfilter hooks in the process. These looped packet have their MAC header removed from the skb by the kernel looping code. This confuse various netfilter's netlink queue, netlink log and the legacy ip_queue, because they try to extract a hardware address from these packets, but extracts a part of the IP header instead. This patch prevent NFQUEUE, NFLOG and ip_QUEUE to include a MAC header if there is none in the packet. --- net/ipv4/netfilter/ip_queue.c | 3 ++- net/ipv6/netfilter/ip6_queue.c | 3 ++- net/netfilter/nfnetlink_log.c | 3 ++- net/netfilter/nfnetlink_queue.c | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c index f7f9bd7..5c9b9d9 100644 --- a/net/ipv4/netfilter/ip_queue.c +++ b/net/ipv4/netfilter/ip_queue.c @@ -203,7 +203,8 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp) else pmsg->outdev_name[0] = '\0'; - if (entry->indev && entry->skb->dev) { + if (entry->indev && entry->skb->dev && + entry->skb->mac_header != entry->skb->network_header) { pmsg->hw_type = entry->skb->dev->type; pmsg->hw_addrlen = dev_parse_header(entry->skb, pmsg->hw_addr); diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index 065fe40..2493948 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c @@ -204,7 +204,8 @@ ipq_build_packet_message(struct nf_queue_entry *entry, int *errp) else pmsg->outdev_name[0] = '\0'; - if (entry->indev && entry->skb->dev) { + if (entry->indev && entry->skb->dev && + entry->skb->mac_header != entry->skb->network_header) { pmsg->hw_type = entry->skb->dev->type; pmsg->hw_addrlen = dev_parse_header(entry->skb, pmsg->hw_addr); } diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index e0ee010..2e7ccbb 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -456,7 +456,8 @@ __build_packet_message(struct nfulnl_instance *inst, if (skb->mark) NLA_PUT_BE32(inst->skb, NFULA_MARK, htonl(skb->mark)); - if (indev && skb->dev) { + if (indev && skb->dev && + skb->mac_header != skb->network_header) { struct nfulnl_msg_packet_hw phw; int len = dev_parse_header(skb, phw.hw_addr); if (len > 0) { diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index b83123f..fdd2faf 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -335,7 +335,8 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, if (entskb->mark) NLA_PUT_BE32(skb, NFQA_MARK, htonl(entskb->mark)); - if (indev && entskb->dev) { + if (indev && entskb->dev && + entskb->mac_header != entskb->network_header) { struct nfqnl_msg_packet_hw phw; int len = dev_parse_header(entskb, phw.hw_addr); if (len) {