
netfilter: nf_log: do not assume ethernet header in netdev family

In the netdev family we also handle non-ethernet packets, so using
eth_hdr(skb)->h_proto is incorrect.

Meanwhile, packets can be sent through socket(AF_PACKET...), so
skb->protocol is not always set in the bridge family.

Add an extra parameter into nf_log_l2packet to solve this issue.

Fixes: 1fddf4bad0ac ("netfilter: nf_log: add packet logging for netdev family")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Liping Zhang and committed by
Pablo Neira Ayuso
673ab46f b8ad652f

+9 -4
+3 -1
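--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -109,7 +109,9 @@
 const struct net_device *out,
 const struct nf_loginfo *loginfo,
 const char *prefix);
-void nf_log_l2packet(struct net *net, u_int8_t pf, unsigned int hooknum,
+void nf_log_l2packet(struct net *net, u_int8_t pf,
+__be16 protocol,
+unsigned int hooknum,
 const struct sk_buff *skb,
 const struct net_device *in,
 const struct net_device *out,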
+2 -1
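--- a/net/bridge/netfilter/nf_log_bridge.c
+++ b/net/bridge/netfilter/nf_log_bridge.c
@@ -24,7 +24,8 @@
 const struct nf_loginfo *loginfo,
 const char *prefix)
 {
-nf_log_l2packet(net, pf, hooknum, skb, in, out, loginfo, prefix);
+nf_log_l2packet(net, pf, eth_hdr(skb)->h_proto, hooknum, skb,
+in, out, loginfo, prefix);
 }
 
 static struct nf_logger nf_bridge_logger __read_mostly = {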
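Review bot: The new `eth_hdr(skb)->h_proto` argument carries no comment saying why the bridge logger reads the ethertype from the MAC header rather than from `skb->protocol`; the reason is given only in the commit message. I would add above the call `/* AF_PACKET senders may leave skb->protocol unset; take the ethertype from the MAC header */`. The enclosing function starts above this section, so its name and the rest of its signature are not visible here.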
+2 -1
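--- a/net/netfilter/nf_log_common.c
+++ b/net/netfilter/nf_log_common.c
@@ -177,6 +177,7 @@
 
 /* bridge and netdev logging families share this code. */
 void nf_log_l2packet(struct net *net, u_int8_t pf,
+__be16 protocol,
 unsigned int hooknum,
 const struct sk_buff *skb,
 const struct net_device *in,
@@ -184,7 +185,7 @@
 const struct nf_loginfo *loginfo,
 const char *prefix)
 {
-switch (eth_hdr(skb)->h_proto) {
+switch (protocol) {
 case htons(ETH_P_IP):
 nf_log_packet(net, NFPROTO_IPV4, hooknum, skb, in, out,
 loginfo, "%s", prefix);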
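Review bot: The comment above `nf_log_l2packet` does not describe the new `protocol` parameter, which the `switch` compares against `htons()` constants and which each caller now chooses for itself. I would extend it to `/* bridge and netdev logging families share this code; @protocol is the ethertype in network byte order, supplied by the caller */`. The remaining cases of the `switch` lie outside the hunk, so what happens to a value that matches none of them cannot be seen here. If such packets are skipped, the same comment should say so, because that is a gap in what reaches the log.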
+2 -1
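--- a/net/netfilter/nf_log_netdev.c
+++ b/net/netfilter/nf_log_netdev.c
@@ -23,7 +23,8 @@
 const struct nf_loginfo *loginfo,
 const char *prefix)
 {
-nf_log_l2packet(net, pf, hooknum, skb, in, out, loginfo, prefix);
+nf_log_l2packet(net, pf, skb->protocol, hooknum, skb, in, out,
+loginfo, prefix);
 }
 
 static struct nf_logger nf_netdev_logger __read_mostly = {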
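Review bot: The netdev call passes `skb->protocol` without recording why the field can be relied on here, although the commit message notes that it is not always set for packets sent through AF_PACKET in the bridge family. A comment on the call would state the assumption, for example `/* netdev may see non-ethernet frames, so use skb->protocol instead of eth_hdr() */`. If the field can be zero or unrecognised on this path, the packet takes whatever the non-matching path of the `switch` in `nf_log_l2packet` does, which is outside this section and should be confirmed. The enclosing function starts above the hunk.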