linux-stable/net/bridge
Florian Westphal dffe83a198 netfilter: br_netfilter: disable sabotage_in hook after first suppression
[ Upstream commit 2b272bb558 ]

When using a xfrm interface in a bridged setup (the outgoing device is
bridged), the incoming packets in the xfrm interface are only tracked
in the outgoing direction.

$ brctl show
bridge name     interfaces
br_eth1         eth1

$ conntrack -L
tcp 115 SYN_SENT src=192... dst=192... [UNREPLIED] ...

If br_netfilter is enabled, the first (encrypted) packet is received on
eth1, conntrack hooks are called from br_netfilter emulation which
allocates nf_bridge info for this skb.

If the packet is for local machine, skb gets passed up the ip stack.
The skb passes through ip prerouting a second time. br_netfilter
ip_sabotage_in suppresses the re-invocation of the hooks.

After this, skb gets decrypted in xfrm layer and appears in
network stack a second time (after decryption).

Then, ip_sabotage_in is called again and suppresses netfilter
hook invocation, even though the bridge layer never called them
for the plaintext incarnation of the packet.

Free the bridge info after the first suppression to avoid this.

I was unable to figure out where the regression comes from, as far as I
can see br_netfilter always had this problem; I did not expect that skb
is looped again with different headers.

Fixes: c4b0e771f9 ("netfilter: avoid using skb->nf_bridge directly")
Reported-and-tested-by: Wolfgang Nothdurft <wolfgang@linogate.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-02-22 12:50:24 +01:00
netfilter netfilter: ebtables: fix memory leak when blob is malformed 2022-09-28 11:04:07 +02:00
br.c net: bridge: Fix a warning when del bridge sysfs 2021-02-23 15:02:25 +01:00
br_arp_nd_proxy.c net: bridge: when suppression is enabled exclude RARP packets 2021-05-19 10:08:21 +02:00
br_device.c net: bridge: fix stale eth hdr pointer in br_dev_xmit 2022-02-16 12:52:50 +01:00
br_fdb.c
br_forward.c
br_if.c net: bridge: fix memleak in br_add_if() 2021-08-18 08:57:00 +02:00
br_input.c net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. 2022-05-25 09:14:36 +02:00
br_ioctl.c
br_mdb.c
br_multicast.c net: bridge: mcast: fix broken length + header check for MRDv6 Adv. 2021-05-14 09:44:32 +02:00
br_netfilter_hooks.c netfilter: br_netfilter: disable sabotage_in hook after first suppression 2023-02-22 12:50:24 +01:00
br_netfilter_ipv6.c netfilter: br_netfilter: Drop dst references before setting. 2022-09-15 12:04:55 +02:00
br_netlink.c net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() 2021-10-13 10:08:19 +02:00
br_netlink_tunnel.c
br_nf_core.c
br_private.h net: bridge: fix vlan tunnel dst null pointer dereference 2021-06-23 14:41:30 +02:00
br_private_stp.h
br_private_tunnel.h
br_stp.c
br_stp_bpdu.c
br_stp_if.c
br_stp_timer.c
br_switchdev.c
br_sysfs_br.c
br_sysfs_if.c net: bridge: use switchdev for port flags set through sysfs too 2021-03-07 12:20:43 +01:00
br_vlan.c net: bridge: vlan: fix error return code in __vlan_add() 2020-12-21 13:27:03 +01:00
br_vlan_tunnel.c net: bridge: fix vlan tunnel dst refcnt when egressing 2021-06-23 14:41:30 +02:00
Kconfig
Makefile