lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 14 Jul 2015 10:37:44 +0000
From:	"Yigal Reiss (yreiss)" <yreiss@...co.com>
To:	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: [PATCH] brouted packet identified as PACKET_OTHERHOST blocked by
 higher protocol

The problem I'm trying to solve is that when packets being sent from one bridged interface to the other are "brouted" they get dropped by the IP layer. The reason is that the packet being raised has pkt_type of type PACKET_OTHERHOST.

The semantics of "brouting" a packet is that it is sent up to higher network layers. Problem is that when the pkt_type of the packet is 
PACKET_OTHERHOST it (at least for IP) gets dropped. (e.g. dropping OTHERHOST packets is the first thing ip_rcv() does).

The suggested patch below changes the packet type to PACKET_HOST which fixes the problem. This is a bit of a cheat but I didn't find any side effects and couldn't find a better way w/o defining a new packet type. 

Also removed " dest = eth_hdr(skb)->h_dest;" which does nothing as far as I can see as it is already assigned the same value before.

diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index f921a5d..2cae324 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -291,12 +291,11 @@ forward:
        switch (p->state) {
        case BR_STATE_FORWARDING:
                rhook = rcu_dereference(br_should_route_hook);
-               if (rhook) {
-                       if ((*rhook)(skb)) {
-                               *pskb = skb;
-                               return RX_HANDLER_PASS;
-                       }
-                       dest = eth_hdr(skb)->h_dest;
+               if (rhook && (*rhook)(skb)) {
+                   if (skb->pkt_type == PACKET_OTHERHOST)
+                       skb->pkt_type = PACKET_HOST; /* so it does not get rejected by higher protocol receiver, e.g. by ip_rcv()  */
+                   *pskb = skb;
+                   return RX_HANDLER_PASS;
                }
                /* fall through */
        case BR_STATE_LEARNING:
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ