| Message ID | 20211210122600.mrduxdw2uwpwoqbr@zenon.in.qult.net (mailing list archive) |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | netfilter: fix regression in looped (broad|multi)cast's MAC handing | expand |
12/10/21 3:26 PM, Ignacy Gawędzki пишет: > In 5648b5e1169f, the test for non-empty MAC header introduced in > 2c38de4c1f8da7 has been replaced with a test for a set MAC header, > which breaks the case when the MAC header has been reset (using > skb_reset_mac_header), as is the case with looped-back multicast > packets. > > This patch adds a test for a non-empty MAC header in addition to the > test for a set MAC header. The same two tests are also implemented in > nfnetlink_log.c, where the initial code of 2c38de4c1f8da7 has not been > touched, but where supposedly the same situation may happen. > Fixes: 2c38de4c1f8da7 ("netfilter: fix looped (broad|multi)cast's MAC handling") > Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr> > --- > net/netfilter/nfnetlink_log.c | 3 ++- > net/netfilter/nfnetlink_queue.c | 3 ++- > 2 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c > index 691ef4cffdd9..7f83f9697fc1 100644 > --- a/net/netfilter/nfnetlink_log.c > +++ b/net/netfilter/nfnetlink_log.c > @@ -556,7 +556,8 @@ __build_packet_message(struct nfnl_log_net *log, > goto nla_put_failure; > > if (indev && skb->dev && > - skb->mac_header != skb->network_header) { > + skb_mac_header_was_set(skb) && > + skb_mac_header_len(skb) != 0) { > struct nfulnl_msg_packet_hw phw; > int len; > > diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c > index 4acc4b8e9fe5..959527708e38 100644 > --- a/net/netfilter/nfnetlink_queue.c > +++ b/net/netfilter/nfnetlink_queue.c > @@ -560,7 +560,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, > goto nla_put_failure; > > if (indev && entskb->dev && > - skb_mac_header_was_set(entskb)) { > + skb_mac_header_was_set(entskb) && > + skb_mac_header_len(entskb) != 0) { > struct nfqnl_msg_packet_hw phw; > int len; > >
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 691ef4cffdd9..7f83f9697fc1 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -556,7 +556,8 @@ __build_packet_message(struct nfnl_log_net *log, goto nla_put_failure; if (indev && skb->dev && - skb->mac_header != skb->network_header) { + skb_mac_header_was_set(skb) && + skb_mac_header_len(skb) != 0) { struct nfulnl_msg_packet_hw phw; int len; diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c index 4acc4b8e9fe5..959527708e38 100644 --- a/net/netfilter/nfnetlink_queue.c +++ b/net/netfilter/nfnetlink_queue.c @@ -560,7 +560,8 @@ nfqnl_build_packet_message(struct net *net, struct nfqnl_instance *queue, goto nla_put_failure; if (indev && entskb->dev && - skb_mac_header_was_set(entskb)) { + skb_mac_header_was_set(entskb) && + skb_mac_header_len(entskb) != 0) { struct nfqnl_msg_packet_hw phw; int len;
In 5648b5e1169f, the test for non-empty MAC header introduced in 2c38de4c1f8da7 has been replaced with a test for a set MAC header, which breaks the case when the MAC header has been reset (using skb_reset_mac_header), as is the case with looped-back multicast packets. This patch adds a test for a non-empty MAC header in addition to the test for a set MAC header. The same two tests are also implemented in nfnetlink_log.c, where the initial code of 2c38de4c1f8da7 has not been touched, but where supposedly the same situation may happen. Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr> --- net/netfilter/nfnetlink_log.c | 3 ++- net/netfilter/nfnetlink_queue.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-)