Commit 0e5eabac authored by Stephen Hemminger's avatar Stephen Hemminger Committed by David S. Miller

[BRIDGE]: filter packets in learning state

While in the learning state, run filters but drop the result.
This prevents us from acquiring bad fdb entries in learning state.
Signed-off-by: default avatarStephen Hemminger <shemminger@osdl.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4433f420
...@@ -53,6 +53,11 @@ int br_handle_frame_finish(struct sk_buff *skb) ...@@ -53,6 +53,11 @@ int br_handle_frame_finish(struct sk_buff *skb)
/* insert into forwarding database after filtering to avoid spoofing */ /* insert into forwarding database after filtering to avoid spoofing */
br_fdb_update(p->br, p, eth_hdr(skb)->h_source); br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
if (p->state == BR_STATE_LEARNING) {
kfree_skb(skb);
goto out;
}
if (br->dev->flags & IFF_PROMISC) { if (br->dev->flags & IFF_PROMISC) {
struct sk_buff *skb2; struct sk_buff *skb2;
...@@ -107,9 +112,6 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb) ...@@ -107,9 +112,6 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
if (!is_valid_ether_addr(eth_hdr(skb)->h_source)) if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
goto err; goto err;
if (p->state == BR_STATE_LEARNING)
br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
if (p->br->stp_enabled && if (p->br->stp_enabled &&
!memcmp(dest, bridge_ula, 5) && !memcmp(dest, bridge_ula, 5) &&
!(dest[5] & 0xF0)) { !(dest[5] & 0xF0)) {
...@@ -118,9 +120,10 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb) ...@@ -118,9 +120,10 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
NULL, br_stp_handle_bpdu); NULL, br_stp_handle_bpdu);
return 1; return 1;
} }
goto err;
} }
else if (p->state == BR_STATE_FORWARDING) { if (p->state == BR_STATE_FORWARDING || p->state == BR_STATE_LEARNING) {
if (br_should_route_hook) { if (br_should_route_hook) {
if (br_should_route_hook(pskb)) if (br_should_route_hook(pskb))
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment