lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Dec 2019 17:16:32 +0100 From: Florian Westphal <fw@...len.de> To: Marco Oliverio <marco.oliverio@...aza.com> Cc: netfilter-devel@...r.kernel.org, Rocco Folino <notifications@...hub.com>, Florian Westphal <fw@...len.de>, netdev <netdev@...r.kernel.org> Subject: Re: forwarded bridged packets enqueuing is broken Marco Oliverio <marco.oliverio@...aza.com> wrote: > We cannot enqueue userspace bridged forwarded packets (neither in the > forward chain nor in the postrouting one): [..] > AFAIU forwarded bridge packets have a null dst entry in the first > place, as they don't enter the ip stack, so skb_dst_force() returns > false. The very same commit suggested to check skb_dst() before > skb_dst_force(), doing that indeed fix the issue for us: > > modified net/netfilter/nf_queue.c > @@ -174,7 +174,7 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, > goto err; > } > > - if (!skb_dst_force(skb) && state->hook != NF_INET_PRE_ROUTING) { > + if (skb_dst(skb) && !skb_dst_force(skb)) { Looks fine to me, please submit this formally. Thanks!
Powered by blists - more mailing lists