Linux kernel source tree https://git.amat.us/linux/atom/net/bridge?h=v3.4 2012-04-24T04:16:24Z 2012-04-24T04:16:24Z Peter Huang (Peng) peter.huangpeng@huawei.com 2012-04-19T20:12:51Z urn:sha1:a881e963c7fe1f226e991ee9bbe8907acda93294 bridge: set fake_rtable's dst to NULL to avoid kernel Oops when bridge is deleted before tap/vif device's delete, kernel may encounter an oops because of NULL reference to fake_rtable's dst. Set fake_rtable's dst to NULL before sending packets out can solve this problem. v4 reformat, change br_drop_fake_rtable(skb) to {} v3 enrich commit header v2 introducing new flag DST_FAKE_RTABLE to dst_entry struct. [ Use "do { } while (0)" for nop br_drop_fake_rtable() implementation -DaveM ] Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Peter Huang <peter.huangpeng@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-04-11T13:43:13Z Herbert Xu herbert@gondor.apana.org.au 2012-04-04T01:01:20Z urn:sha1:996304bbea3d2a094b7ba54c3bd65d3fffeac57b As it stands the bridge IGMP snooping system will respond to group leave messages with queries for remaining membership. This is both unnecessary and undesirable. First of all any multicast routers present should be doing this rather than us. What's more the queries that we send may end up upsetting other multicast snooping swithces in the system that are buggy. In fact, we can simply remove the code that send these queries because the existing membership expiry mechanism doesn't rely on them anyway. So this patch simply removes all code associated with group queries in response to group leave messages. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-03-09T22:34:20Z David S. Miller davem@davemloft.net 2012-03-09T22:34:20Z urn:sha1:b2d3298e0916fa059712691c85a0e97becc4ab9f 2012-03-08T08:25:25Z Paulius Zaleckas paulius.zaleckas@gmail.com 2012-03-06T22:25:22Z urn:sha1:5200959b833ddacf28b6ffce8c331dfd6e0ca797 Now we have: eth0: link *down* br0: port 1(eth0) entered *forwarding* state br_log_state(p) should be called *after* p->state is set to BR_STATE_DISABLED. Reported-by: Zilvinas Valinskas <zilvinas@wilibox.com> Signed-off-by: Paulius Zaleckas <paulius.zaleckas@gmail.com> Acked-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-03-08T08:25:25Z Paulius Zaleckas paulius.zaleckas@gmail.com 2012-03-06T22:25:14Z urn:sha1:d9e179ecec0805c41b17f9a0c3b925d415677772 When br_log_state() is reporting state it should say "entered" istead of "entering" since state at this point is already changed. Signed-off-by: Paulius Zaleckas <paulius.zaleckas@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-03-06T19:43:49Z Florian Westphal fw@strlen.de 2012-03-06T01:22:54Z urn:sha1:739e4505a0e8209622dc71743bfa1c804eacf7f4 When net.bridge.bridge-nf-filter-vlan-tagged is 0 (default), vlan packets arriving should not be sent to ip(6)tables by bridge netfilter. However, it turns out that we currently always send VLAN packets to netfilter, if .. a), CONFIG_VLAN_8021Q is enabled ; or b), CONFIG_VLAN_8021Q is not set but rx vlan offload is enabled on the bridge port. This is because bridge netfilter treats skb with skb->protocol == ETH_P_IP{V6} as "non-vlan packet". With rx vlan offload on or CONFIG_VLAN_8021Q=y, the vlan header has already been removed here, and we cannot rely on skb->protocol alone. Fix this by only using skb->protocol if the skb has no vlan tag, or if a vlan tag is present and filter-vlan-tagged bridge netfilter sysctl is enabled. We cannot remove the skb->protocol == htons(ETH_P_8021Q) test because the vlan tag is still around in the CONFIG_VLAN_8021Q=n && "ethtool -K $itf rxvlan off" case. reproducer: iptables -t raw -I PREROUTING -i br0 iptables -t raw -I PREROUTING -i br0.1 Then send packets to an ip address configured on br0.1 interface. Even with net.bridge.bridge-nf-filter-vlan-tagged=0, the 1st rule will match instead of the 2nd one. With this patch applied, the 2nd rule will match instead. In the non-local address case, netfilter won't be consulted after this patch unless the sysctl is switched on. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-03-06T19:43:49Z Pablo Neira Ayuso pablo@netfilter.org 2012-03-06T01:22:53Z urn:sha1:a157b9d5b5b626e46eba2ac4e342da8db25cabc4 In adf7ff8, a invalid dereference was added in ebt_make_names. CC [M] net/bridge/netfilter/ebtables.o net/bridge/netfilter/ebtables.c: In function `ebt_make_names': net/bridge/netfilter/ebtables.c:1371:20: warning: `t' may be used uninitialized in this function [-Wuninitialized] Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-03-06T19:43:49Z Santosh Nayak santoshprasadnayak@gmail.com 2012-03-06T01:22:50Z urn:sha1:848edc69192a38bf9d261032f248b14f47e6af8b user-space ebtables expects 32 bytes-long names, but xt_match names use 29 bytes. We have to copy less 29 bytes and then, make sure we fill the remaining bytes with zeroes. Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2012-03-06T02:16:26Z David S. Miller davem@davemloft.net 2012-03-06T02:16:26Z urn:sha1:f6a1ad4295f9291038380178d09978caf6982dd8 Conflicts: drivers/net/vmxnet3/vmxnet3_drv.c Small vmxnet3 conflict with header size bug fix in 'net'. Signed-off-by: David S. Miller <davem@davemloft.net> 2012-03-05T21:45:34Z Ulrich Weber ulrich.weber@sophos.com 2012-03-05T04:52:44Z urn:sha1:d1d81d4c3dd886d5fa25a2c4fa1e39cb89613712 otherwise source IPv6 address of ICMPV6_MGM_QUERY packet might be random junk if IPv6 is disabled on interface or link-local address is not yet ready (DAD). Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com> Signed-off-by: David S. Miller <davem@davemloft.net>