From patchwork Sun Mar 29 21:26:09 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernhard Thaler X-Patchwork-Id: 455951 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id E9B801400A0 for ; Mon, 30 Mar 2015 08:27:00 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752911AbbC2V06 (ORCPT ); Sun, 29 Mar 2015 17:26:58 -0400 Received: from smarthost2.wvnet.at ([62.212.174.131]:6045 "EHLO mx-out.wvnet.at" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752601AbbC2V06 (ORCPT ); Sun, 29 Mar 2015 17:26:58 -0400 Received: from smtp.wvnet.at (localhost [127.0.0.1]) by mx-out.wvnet.at (Postfix) with ESMTP id B883D436158 for ; Sun, 29 Mar 2015 23:26:57 +0200 (CEST) Received: (qmail 1009 invoked from network); 29 Mar 2015 21:26:57 -0000 Received: (simscan 1.4.1 ppid 917 pid 1005 t 0.0176s) (scanners: regex: 1.4.1 attach: 1.4.1 clamav: 0.98.6/m:55/d:20118); 29 Mar 0115 21:26:57 -0000 X-WVNET-RELAY-spf-info: local_or_white X-WVNET-RELAY-policy-class: untrusted X-WVNET-RELAY-policy-run: [WDR-NB] Received: from smtpout18.drei.com (HELO localhost.localdomain) (bernhard.thaler@wvnet.at@[109.126.64.18]) (SMTPAUTH User bernhard.thaler@wvnet.at) (envelope-sender ) by smtp.wvnet.at (qmail-ldap-1.03) with SMTP for ; 29 Mar 2015 21:26:57 -0000 X-FEAS-AUTH-USER: From: Bernhard Thaler To: pablo@netfilter.org, kadlec@blackhole.kfki.hu Cc: netfilter-devel@vger.kernel.org, fw@strlen.de, Bernhard Thaler Subject: [PATCHv4 4/4] netfilter: bridge: rename br_parse_ip_options Date: Sun, 29 Mar 2015 23:26:09 +0200 Message-Id: <1427664369-23422-1-git-send-email-bernhard.thaler@wvnet.at> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <20150325081552.GF1685@breakpoint.cc> References: <20150325081552.GF1685@breakpoint.cc> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org br_parse_ip_options() does not parse any IP options, it validates IP packets as a whole and the function name is misleading. Rename br_parse_ip_options(). Signed-off-by: Bernhard Thaler --- v4 * re-post due to errors in v3 formatting introduced by my MUA v3 * re-assignment of iph variable needed because pskb_may_pull() can invalidate the network header * same patch as v1 again v2 * first patch did not contain statement removing double iph variable assignment net/bridge/br_netfilter.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 0e129fb..2d73565 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c @@ -198,7 +198,7 @@ static inline void nf_bridge_save_header(struct sk_buff *skb) * expected format */ -static int br_parse_ip_options(struct sk_buff *skb) +static int br_validate_ipv4(struct sk_buff *skb) { const struct iphdr *iph; struct net_device *dev = skb->dev; @@ -300,7 +300,7 @@ bad: return -1; } -/* Equivalent to br_parse_ip_options for IPv6 */ +/* Equivalent to br_validate_ipv4 for IPv6 */ static int br_validate_ipv6(struct sk_buff *skb) { const struct ipv6hdr *hdr; @@ -718,7 +718,7 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops, nf_bridge_pull_encap_header_rcsum(skb); - if (br_parse_ip_options(skb)) + if (br_validate_ipv4(skb)) return NF_DROP; nf_bridge_put(skb->nf_bridge); @@ -819,7 +819,7 @@ static unsigned int br_nf_forward_ip(const struct nf_hook_ops *ops, nf_bridge->mask |= BRNF_PKT_TYPE; } - if (pf == NFPROTO_IPV4 && br_parse_ip_options(skb)) + if (pf == NFPROTO_IPV4 && br_validate_ipv4(skb)) return NF_DROP; /* The physdev module checks on this */ @@ -914,7 +914,7 @@ static int br_nf_dev_queue_xmit(struct sk_buff *skb) * boundaries by preserving frag_list rather than refragmenting. */ if (skb->protocol == htons(ETH_P_IP)) { - if (br_parse_ip_options(skb)) + if (br_validate_ipv4(skb)) /* Drop invalid packet */ return NF_DROP; IPCB(skb)->frag_max_size = BR_INPUT_SKB_CB(skb)->frag_max_size;