[B.A.T.M.A.N.] [PATCH maint 1/2] Revert "batman-adv: free nf_bridge member on locally delivered skb"
This reverts commit 9048eb62124f47f66d12eb1d706ab5fb265553f7.
This fix can be implemented using the nf_Reset() helper instead of partly reimplementing it with a batman-adv private function.
Signed-off-by: Antonio Quartulli antonio@meshcoding.com --- soft-interface.c | 8 -------- soft-interface.h | 16 ---------------- 2 files changed, 24 deletions(-)
diff --git a/soft-interface.c b/soft-interface.c index 5dd1247..33b6144 100644 --- a/soft-interface.c +++ b/soft-interface.c @@ -371,14 +371,6 @@ void batadv_interface_rx(struct net_device *soft_iface, if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest)) goto dropped;
- /* Clean the netfilter state before delivering the skb. - * This packet may have traversed a bridge when it was encapsulated into - * the batman header. Now that the header has been removed, the - * netfilter state must be cleaned up to avoid to mess up with a - * possible second bridge - */ - batadv_nf_bridge_skb_free(skb); - netif_rx(skb); goto out;
diff --git a/soft-interface.h b/soft-interface.h index 5c19c42..2f2472c 100644 --- a/soft-interface.h +++ b/soft-interface.h @@ -29,20 +29,4 @@ void batadv_softif_destroy_sysfs(struct net_device *soft_iface); int batadv_softif_is_valid(const struct net_device *net_dev); extern struct rtnl_link_ops batadv_link_ops;
-#ifdef CONFIG_BRIDGE_NETFILTER -/** - * batadv_nf_bridge_skb_free - clean the NF bridge data in an skb - * @skb: the skb which nf data has to be free'd - */ -static inline void batadv_nf_bridge_skb_free(struct sk_buff *skb) -{ - nf_bridge_put(skb->nf_bridge); - skb->nf_bridge = NULL; -} -#else -static inline void batadv_nf_bridge_skb_free(struct sk_buff *skb) -{ -} -#endif /* CONFIG_BRIDGE_NETFILTER */ - #endif /* _NET_BATMAN_ADV_SOFT_INTERFACE_H_ */
If an interface enslaved into batman-adv is a bridge (or a virtual interface built on top of a bridge) the nf_bridge member of the skbs reaching the soft-interface is filled with the state about "netfilter bridge" operations.
Then, if one of such skbs is locally delivered, the nf_bridge member should be cleaned up to avoid that the old state could mess up with other "netfilter bridge" operations when entering a second bridge. This is needed because batman-adv is an encapsulation protocol.
However at the moment skb->nf_bridge is not released at all leading to bogus "netfilter bridge" behaviours.
Fix this by cleaning the netfilter state of the skb before it gets delivered to the upper layer in interface_rx().
Signed-off-by: Antonio Quartulli antonio@meshcoding.com --- soft-interface.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/soft-interface.c b/soft-interface.c index 33b6144..08086cf 100644 --- a/soft-interface.c +++ b/soft-interface.c @@ -324,6 +324,11 @@ void batadv_interface_rx(struct net_device *soft_iface, skb_pull_rcsum(skb, hdr_size); skb_reset_mac_header(skb);
+ /* clean the netfilter state now that the batman-adv header has been + * removed + */ + nf_reset(skb); + ethhdr = eth_hdr(skb);
switch (ntohs(ethhdr->h_proto)) {
On Monday 23 December 2013 01:28:05 Antonio Quartulli wrote:
If an interface enslaved into batman-adv is a bridge (or a virtual interface built on top of a bridge) the nf_bridge member of the skbs reaching the soft-interface is filled with the state about "netfilter bridge" operations.
Then, if one of such skbs is locally delivered, the nf_bridge member should be cleaned up to avoid that the old state could mess up with other "netfilter bridge" operations when entering a second bridge. This is needed because batman-adv is an encapsulation protocol.
However at the moment skb->nf_bridge is not released at all leading to bogus "netfilter bridge" behaviours.
Fix this by cleaning the netfilter state of the skb before it gets delivered to the upper layer in interface_rx().
Signed-off-by: Antonio Quartulli antonio@meshcoding.com
soft-interface.c | 5 +++++ 1 file changed, 5 insertions(+)
Applied in revision 1356028.
Thanks, Marek
On Monday 23 December 2013 01:28:04 Antonio Quartulli wrote:
This reverts commit 9048eb62124f47f66d12eb1d706ab5fb265553f7.
This fix can be implemented using the nf_Reset() helper instead of partly reimplementing it with a batman-adv private function.
Signed-off-by: Antonio Quartulli antonio@meshcoding.com
soft-interface.c | 8 -------- soft-interface.h | 16 ---------------- 2 files changed, 24 deletions(-)
Applied in revision 6bd723.
Thanks, Marek
b.a.t.m.a.n@lists.open-mesh.org
-
Antonio Quartulli -
Marek Lindner