diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/bridge/br_netfilter.c | 25 |
1 files changed, 9 insertions, 16 deletions
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c index 16f5c333596a..4b5b66d07bba 100644 --- a/net/bridge/br_netfilter.c +++ b/net/bridge/br_netfilter.c | |||
| @@ -562,26 +562,26 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
| 562 | u32 pkt_len; | 562 | u32 pkt_len; |
| 563 | 563 | ||
| 564 | if (skb->len < sizeof(struct ipv6hdr)) | 564 | if (skb->len < sizeof(struct ipv6hdr)) |
| 565 | goto inhdr_error; | 565 | return NF_DROP; |
| 566 | 566 | ||
| 567 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | 567 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) |
| 568 | goto inhdr_error; | 568 | return NF_DROP; |
| 569 | 569 | ||
| 570 | hdr = ipv6_hdr(skb); | 570 | hdr = ipv6_hdr(skb); |
| 571 | 571 | ||
| 572 | if (hdr->version != 6) | 572 | if (hdr->version != 6) |
| 573 | goto inhdr_error; | 573 | return NF_DROP; |
| 574 | 574 | ||
| 575 | pkt_len = ntohs(hdr->payload_len); | 575 | pkt_len = ntohs(hdr->payload_len); |
| 576 | 576 | ||
| 577 | if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { | 577 | if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) { |
| 578 | if (pkt_len + sizeof(struct ipv6hdr) > skb->len) | 578 | if (pkt_len + sizeof(struct ipv6hdr) > skb->len) |
| 579 | goto inhdr_error; | 579 | return NF_DROP; |
| 580 | if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) | 580 | if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) |
| 581 | goto inhdr_error; | 581 | return NF_DROP; |
| 582 | } | 582 | } |
| 583 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) | 583 | if (hdr->nexthdr == NEXTHDR_HOP && check_hbh_len(skb)) |
| 584 | goto inhdr_error; | 584 | return NF_DROP; |
| 585 | 585 | ||
| 586 | nf_bridge_put(skb->nf_bridge); | 586 | nf_bridge_put(skb->nf_bridge); |
| 587 | if (!nf_bridge_alloc(skb)) | 587 | if (!nf_bridge_alloc(skb)) |
| @@ -594,9 +594,6 @@ static unsigned int br_nf_pre_routing_ipv6(unsigned int hook, | |||
| 594 | br_nf_pre_routing_finish_ipv6); | 594 | br_nf_pre_routing_finish_ipv6); |
| 595 | 595 | ||
| 596 | return NF_STOLEN; | 596 | return NF_STOLEN; |
| 597 | |||
| 598 | inhdr_error: | ||
| 599 | return NF_DROP; | ||
| 600 | } | 597 | } |
| 601 | 598 | ||
| 602 | /* Direct IPv6 traffic to br_nf_pre_routing_ipv6. | 599 | /* Direct IPv6 traffic to br_nf_pre_routing_ipv6. |
| @@ -615,11 +612,11 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
| 615 | __u32 len = nf_bridge_encap_header_len(skb); | 612 | __u32 len = nf_bridge_encap_header_len(skb); |
| 616 | 613 | ||
| 617 | if (unlikely(!pskb_may_pull(skb, len))) | 614 | if (unlikely(!pskb_may_pull(skb, len))) |
| 618 | goto out; | 615 | return NF_DROP; |
| 619 | 616 | ||
| 620 | p = br_port_get_rcu(in); | 617 | p = br_port_get_rcu(in); |
| 621 | if (p == NULL) | 618 | if (p == NULL) |
| 622 | goto out; | 619 | return NF_DROP; |
| 623 | br = p->br; | 620 | br = p->br; |
| 624 | 621 | ||
| 625 | if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) || | 622 | if (skb->protocol == htons(ETH_P_IPV6) || IS_VLAN_IPV6(skb) || |
| @@ -641,8 +638,7 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
| 641 | nf_bridge_pull_encap_header_rcsum(skb); | 638 | nf_bridge_pull_encap_header_rcsum(skb); |
| 642 | 639 | ||
| 643 | if (br_parse_ip_options(skb)) | 640 | if (br_parse_ip_options(skb)) |
| 644 | /* Drop invalid packet */ | 641 | return NF_DROP; |
| 645 | goto out; | ||
| 646 | 642 | ||
| 647 | nf_bridge_put(skb->nf_bridge); | 643 | nf_bridge_put(skb->nf_bridge); |
| 648 | if (!nf_bridge_alloc(skb)) | 644 | if (!nf_bridge_alloc(skb)) |
| @@ -656,9 +652,6 @@ static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff *skb, | |||
| 656 | br_nf_pre_routing_finish); | 652 | br_nf_pre_routing_finish); |
| 657 | 653 | ||
| 658 | return NF_STOLEN; | 654 | return NF_STOLEN; |
| 659 | |||
| 660 | out: | ||
| 661 | return NF_DROP; | ||
| 662 | } | 655 | } |
| 663 | 656 | ||
| 664 | 657 | ||