Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: fix looped (broad|multi)cast's MAC handling

By default, when broadcast or multicast packets are sent from a local
application, they are sent to the interface then looped by the kernel
to other local applications, going through netfilter hooks in the
process.

These looped packets have their MAC header removed from the skb by the
kernel looping code. This confuses various netfilter's netlink queue,
netlink log and the legacy ip_queue, because they try to extract a
hardware address from these packets, but extract a part of the IP
header instead.

This patch prevents NFQUEUE, NFLOG and ip_QUEUE from including a MAC header
if there is none in the packet.

Signed-off-by: Nicolas Cavallari <cavallar@lri.fr>
Signed-off-by: Patrick McHardy <kaber@trash.net>

authored by Nicolas Cavallari and committed by Patrick McHardy
2c38de4c db898aa2

+8 -4
+2 -1
net/ipv4/netfilter/ip_queue.c
··· 203 203 else 204 204 pmsg->outdev_name[0] = '\0'; 205 205 206 - if (entry->indev && entry->skb->dev) { 206 + if (entry->indev && entry->skb->dev && 207 + entry->skb->mac_header != entry->skb->network_header) { 207 208 pmsg->hw_type = entry->skb->dev->type; 208 209 pmsg->hw_addrlen = dev_parse_header(entry->skb, 209 210 pmsg->hw_addr);
+2 -1
net/ipv6/netfilter/ip6_queue.c
··· 204 204 else 205 205 pmsg->outdev_name[0] = '\0'; 206 206 207 - if (entry->indev && entry->skb->dev) { 207 + if (entry->indev && entry->skb->dev && 208 + entry->skb->mac_header != entry->skb->network_header) { 208 209 pmsg->hw_type = entry->skb->dev->type; 209 210 pmsg->hw_addrlen = dev_parse_header(entry->skb, pmsg->hw_addr); 210 211 }
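Review bot: in net/ipv4/netfilter/ip_queue.c the tightened condition has no visible else branch, so when entry->skb->mac_header equals entry->skb->network_header neither pmsg->hw_type nor pmsg->hw_addrlen is written. Please confirm that pmsg is zero-initialised before this point, or set pmsg->hw_addrlen = 0 explicitly in an else branch, so that userspace cannot read stale bytes as a hardware address.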
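Review bot: the test entry->skb->mac_header != entry->skb->network_header in net/ipv6/netfilter/ip6_queue.c is an open-coded copy of the one added to ip_queue.c, and neither copy carries a comment saying that equal offsets mean the skb has no MAC header (the looped broadcast/multicast case from the commit message). A small shared helper, or at least a one-line comment above the condition, would keep the copies from drifting apart and make the intent readable without the changelog.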