• Ido Schimmel's avatar
    bridge: Fix incorrect re-injection of STP packets · 56fae404
    Ido Schimmel authored
    Commit 8626c56c ("bridge: fix potential use-after-free when hook
    returns QUEUE or STOLEN verdict") fixed incorrect usage of NF_HOOK's
    return value by consuming packets in okfn via br_pass_frame_up().
    
    However, this function re-injects packets to the Rx path with skb->dev
    set to the bridge device, which breaks kernel's STP, as all STP packets
    appear to originate from the bridge device itself.
    
    Instead, if STP is enabled and bridge isn't a 802.1ad bridge, then learn
    packet's SMAC and inject it back to the Rx path for further processing
    by the packet handlers.
    
    The patch also makes netfilter's behavior consistent with regards to
    packets destined to the Bridge Group Address, as no hook registered at
    LOCAL_IN will ever be called, regardless if STP is enabled or not.
    
    Cc: Florian Westphal <fw@strlen.de>
    Cc: Shmulik Ladkani <shmulik.ladkani@gmail.com>
    Cc: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
    Fixes: 8626c56c ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict")
    Signed-off-by: default avatarJiri Pirko <jiri@mellanox.com>
    Signed-off-by: default avatarIdo Schimmel <idosch@mellanox.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    56fae404
br_input.c 8 KB