• Nikolay Aleksandrov's avatar
    net: bridge: fix per-port af_packet sockets · 3b2e2904
    Nikolay Aleksandrov authored
    When the commit below was introduced it changed two visible things:
     - the skb was no longer passed through the protocol handlers with the
       original device
     - the skb was passed up the stack with skb->dev = bridge
    
    The first change broke af_packet sockets on bridge ports. For example we
    use them for hostapd which listens for ETH_P_PAE packets on the ports.
    We discussed two possible fixes:
     - create a clone and pass it through NF_HOOK(), act on the original skb
       based on the result
     - somehow signal to the caller from the okfn() that it was called,
       meaning the skb is ok to be passed, which this patch is trying to
       implement via returning 1 from the bridge link-local okfn()
    
    Note that we rely on the fact that NF_QUEUE/STOLEN would return 0 and
    drop/error would return < 0 thus the okfn() is called only when the
    return was 1, so we signal to the caller that it was called by preserving
    the return value from nf_hook().
    
    Fixes: 8626c56c ("bridge: fix potential use-after-free when hook returns QUEUE or STOLEN verdict")
    Signed-off-by: default avatarNikolay Aleksandrov <nikolay@cumulusnetworks.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    3b2e2904
br_input.c 8.19 KB