aboutsummaryrefslogtreecommitdiffstats
path: root/net/bridge
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2012-03-09 17:34:20 -0500
committerDavid S. Miller <davem@davemloft.net>2012-03-09 17:34:20 -0500
commitb2d3298e0916fa059712691c85a0e97becc4ab9f (patch)
treec7d5ea46a9dbf9cebdb122df4aaf0beda6e7621e /net/bridge
parent1a0bdadb4e36abac63b0a9787f372aac30c11a9e (diff)
parenta7f4255f906f60f72e00aad2fb000939449ff32e (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Diffstat (limited to 'net/bridge')
-rw-r--r--net/bridge/br_netfilter.c32
-rw-r--r--net/bridge/br_stp.c2
-rw-r--r--net/bridge/br_stp_if.c3
-rw-r--r--net/bridge/netfilter/ebtables.c16
4 files changed, 33 insertions, 20 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 84122472656c..dec4f3817133 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -62,6 +62,15 @@ static int brnf_filter_pppoe_tagged __read_mostly = 0;
62#define brnf_filter_pppoe_tagged 0 62#define brnf_filter_pppoe_tagged 0
63#endif 63#endif
64 64
65#define IS_IP(skb) \
66 (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_IP))
67
68#define IS_IPV6(skb) \
69 (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_IPV6))
70
71#define IS_ARP(skb) \
72 (!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_ARP))
73
65static inline __be16 vlan_proto(const struct sk_buff *skb) 74static inline __be16 vlan_proto(const struct sk_buff *skb)
66{ 75{
67 if (vlan_tx_tag_present(skb)) 76 if (vlan_tx_tag_present(skb))
@@ -639,8 +648,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
639 return NF_DROP; 648 return NF_DROP;
640 br = p->br; 649 br = p->br;
641 650
642 if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) || 651 if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb)) {
643 IS_PPPOE_IPV6(skb)) {
644 if (!brnf_call_ip6tables && !br->nf_call_ip6tables) 652 if (!brnf_call_ip6tables && !br->nf_call_ip6tables)
645 return NF_ACCEPT; 653 return NF_ACCEPT;
646 654
@@ -651,8 +659,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb,
651 if (!brnf_call_iptables && !br->nf_call_iptables) 659 if (!brnf_call_iptables && !br->nf_call_iptables)
652 return NF_ACCEPT; 660 return NF_ACCEPT;
653 661
654 if (skb->protocol != htons(ETH_P_IP) && !IS_VLAN_IP(skb) && 662 if (!IS_IP(skb) && !IS_VLAN_IP(skb) && !IS_PPPOE_IP(skb))
655 !IS_PPPOE_IP(skb))
656 return NF_ACCEPT; 663 return NF_ACCEPT;
657 664
658 nf_bridge_pull_encap_header_rcsum(skb); 665 nf_bridge_pull_encap_header_rcsum(skb);
@@ -701,7 +708,7 @@ static int br_nf_forward_finish(struct sk_buff *skb)
701 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 708 struct nf_bridge_info *nf_bridge = skb->nf_bridge;
702 struct net_device *in; 709 struct net_device *in;
703 710
704 if (skb->protocol != htons(ETH_P_ARP) && !IS_VLAN_ARP(skb)) { 711 if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) {
705 in = nf_bridge->physindev; 712 in = nf_bridge->physindev;
706 if (nf_bridge->mask & BRNF_PKT_TYPE) { 713 if (nf_bridge->mask & BRNF_PKT_TYPE) {
707 skb->pkt_type = PACKET_OTHERHOST; 714 skb->pkt_type = PACKET_OTHERHOST;
@@ -718,6 +725,7 @@ static int br_nf_forward_finish(struct sk_buff *skb)
718 return 0; 725 return 0;
719} 726}
720 727
728
721/* This is the 'purely bridged' case. For IP, we pass the packet to 729/* This is the 'purely bridged' case. For IP, we pass the packet to
722 * netfilter with indev and outdev set to the bridge device, 730 * netfilter with indev and outdev set to the bridge device,
723 * but we are still able to filter on the 'real' indev/outdev 731 * but we are still able to filter on the 'real' indev/outdev
@@ -744,11 +752,9 @@ static unsigned int br_nf_forward_ip(unsigned int hook, struct sk_buff *skb,
744 if (!parent) 752 if (!parent)
745 return NF_DROP; 753 return NF_DROP;
746 754
747 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb) || 755 if (IS_IP(skb) || IS_VLAN_IP(skb) || IS_PPPOE_IP(skb))
748 IS_PPPOE_IP(skb))
749 pf = PF_INET; 756 pf = PF_INET;
750 else if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) || 757 else if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb))
751 IS_PPPOE_IPV6(skb))
752 pf = PF_INET6; 758 pf = PF_INET6;
753 else 759 else
754 return NF_ACCEPT; 760 return NF_ACCEPT;
@@ -795,7 +801,7 @@ static unsigned int br_nf_forward_arp(unsigned int hook, struct sk_buff *skb,
795 if (!brnf_call_arptables && !br->nf_call_arptables) 801 if (!brnf_call_arptables && !br->nf_call_arptables)
796 return NF_ACCEPT; 802 return NF_ACCEPT;
797 803
798 if (skb->protocol != htons(ETH_P_ARP)) { 804 if (!IS_ARP(skb)) {
799 if (!IS_VLAN_ARP(skb)) 805 if (!IS_VLAN_ARP(skb))
800 return NF_ACCEPT; 806 return NF_ACCEPT;
801 nf_bridge_pull_encap_header(skb); 807 nf_bridge_pull_encap_header(skb);
@@ -853,11 +859,9 @@ static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,
853 if (!realoutdev) 859 if (!realoutdev)
854 return NF_DROP; 860 return NF_DROP;
855 861
856 if (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb) || 862 if (IS_IP(skb) || IS_VLAN_IP(skb) || IS_PPPOE_IP(skb))
857 IS_PPPOE_IP(skb))
858 pf = PF_INET; 863 pf = PF_INET;
859 else if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) || 864 else if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb))
860 IS_PPPOE_IPV6(skb))
861 pf = PF_INET6; 865 pf = PF_INET6;
862 else 866 else
863 return NF_ACCEPT; 867 return NF_ACCEPT;
diff --git a/net/bridge/br_stp.c b/net/bridge/br_stp.c
index 6751ed4e0c07..8c836d96ba76 100644
--- a/net/bridge/br_stp.c
+++ b/net/bridge/br_stp.c
@@ -31,7 +31,7 @@ static const char *const br_port_state_names[] = {
31 31
32void br_log_state(const struct net_bridge_port *p) 32void br_log_state(const struct net_bridge_port *p)
33{ 33{
34 br_info(p->br, "port %u(%s) entering %s state\n", 34 br_info(p->br, "port %u(%s) entered %s state\n",
35 (unsigned) p->port_no, p->dev->name, 35 (unsigned) p->port_no, p->dev->name,
36 br_port_state_names[p->state]); 36 br_port_state_names[p->state]);
37} 37}
diff --git a/net/bridge/br_stp_if.c b/net/bridge/br_stp_if.c
index 19308e305d85..f494496373d6 100644
--- a/net/bridge/br_stp_if.c
+++ b/net/bridge/br_stp_if.c
@@ -98,14 +98,13 @@ void br_stp_disable_port(struct net_bridge_port *p)
98 struct net_bridge *br = p->br; 98 struct net_bridge *br = p->br;
99 int wasroot; 99 int wasroot;
100 100
101 br_log_state(p);
102
103 wasroot = br_is_root_bridge(br); 101 wasroot = br_is_root_bridge(br);
104 br_become_designated_port(p); 102 br_become_designated_port(p);
105 p->state = BR_STATE_DISABLED; 103 p->state = BR_STATE_DISABLED;
106 p->topology_change_ack = 0; 104 p->topology_change_ack = 0;
107 p->config_pending = 0; 105 p->config_pending = 0;
108 106
107 br_log_state(p);
109 br_ifinfo_notify(RTM_NEWLINK, p); 108 br_ifinfo_notify(RTM_NEWLINK, p);
110 109
111 del_timer(&p->message_age_timer); 110 del_timer(&p->message_age_timer);
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 8aa4ad0e06af..5fe2ff3b01ef 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1335,7 +1335,12 @@ static inline int ebt_make_matchname(const struct ebt_entry_match *m,
1335 const char *base, char __user *ubase) 1335 const char *base, char __user *ubase)
1336{ 1336{
1337 char __user *hlp = ubase + ((char *)m - base); 1337 char __user *hlp = ubase + ((char *)m - base);
1338 if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) 1338 char name[EBT_FUNCTION_MAXNAMELEN] = {};
1339
1340 /* ebtables expects 32 bytes long names but xt_match names are 29 bytes
1341 long. Copy 29 bytes and fill remaining bytes with zeroes. */
1342 strncpy(name, m->u.match->name, sizeof(name));
1343 if (copy_to_user(hlp, name, EBT_FUNCTION_MAXNAMELEN))
1339 return -EFAULT; 1344 return -EFAULT;
1340 return 0; 1345 return 0;
1341} 1346}
@@ -1344,7 +1349,10 @@ static inline int ebt_make_watchername(const struct ebt_entry_watcher *w,
1344 const char *base, char __user *ubase) 1349 const char *base, char __user *ubase)
1345{ 1350{
1346 char __user *hlp = ubase + ((char *)w - base); 1351 char __user *hlp = ubase + ((char *)w - base);
1347 if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) 1352 char name[EBT_FUNCTION_MAXNAMELEN] = {};
1353
1354 strncpy(name, w->u.watcher->name, sizeof(name));
1355 if (copy_to_user(hlp , name, EBT_FUNCTION_MAXNAMELEN))
1348 return -EFAULT; 1356 return -EFAULT;
1349 return 0; 1357 return 0;
1350} 1358}
@@ -1355,6 +1363,7 @@ ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
1355 int ret; 1363 int ret;
1356 char __user *hlp; 1364 char __user *hlp;
1357 const struct ebt_entry_target *t; 1365 const struct ebt_entry_target *t;
1366 char name[EBT_FUNCTION_MAXNAMELEN] = {};
1358 1367
1359 if (e->bitmask == 0) 1368 if (e->bitmask == 0)
1360 return 0; 1369 return 0;
@@ -1368,7 +1377,8 @@ ebt_make_names(struct ebt_entry *e, const char *base, char __user *ubase)
1368 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); 1377 ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase);
1369 if (ret != 0) 1378 if (ret != 0)
1370 return ret; 1379 return ret;
1371 if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) 1380 strncpy(name, t->u.target->name, sizeof(name));
1381 if (copy_to_user(hlp, name, EBT_FUNCTION_MAXNAMELEN))
1372 return -EFAULT; 1382 return -EFAULT;
1373 return 0; 1383 return 0;
1374} 1384}
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-08 18:32:13 -0500