[BRIDGE]: Packets leaking out of disabled/blocked ports.

This patch fixes some packet leakage in bridge. The bridging code was
allowing forward table entries to be generated even if a device was
being blocked. The fix is to not add forwarding database entries
unless the port is active.

The bug arose as part of the conversion to processing STP frames
through normal receive path (in 2.6.17).

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Stephen Hemminger and committed by David S. Miller df1c0b84 b91ddd84

+6 -2
+5
net/bridge/br_fdb.c
··· 384 384 if (hold_time(br) == 0) 385 385 return; 386 386 387 + /* ignore packets unless we are using this port */ 388 + if (!(source->state == BR_STATE_LEARNING || 389 + source->state == BR_STATE_FORWARDING)) 390 + return; 391 + 387 392 fdb = fdb_find(head, addr); 388 393 if (likely(fdb)) { 389 394 /* attempt to update an entry for a local interface */
+1 -2
net/bridge/br_input.c
··· 101 101 { 102 102 struct net_bridge_port *p = rcu_dereference(skb->dev->br_port); 103 103 104 - if (p && p->state != BR_STATE_DISABLED) 104 + if (p) 105 105 br_fdb_update(p->br, p, eth_hdr(skb)->h_source); 106 - 107 106 return 0; /* process further */ 108 107 } 109 108
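Review bot: in the net/bridge/br_fdb.c hunk, the new state test in br_fdb_update() carries a comment ("ignore packets unless we are using this port") that does not say which states count as in use, even though this check is now the only thing keeping disabled, blocking and listening ports from populating the forwarding database. Name the states in the comment, for example "only learn source addresses on ports in LEARNING or FORWARDING state". Because the test sits ahead of fdb_find(), frames from a non-active port also stop refreshing an existing entry; that looks intended, but it is worth saying so in the comment.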
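Review bot: in the net/bridge/br_input.c hunk, dropping the `p->state != BR_STATE_DISABLED` test leaves this caller with no visible state filtering, so its correctness now depends entirely on the check inside br_fdb_update(). A one-line comment above the call stating that br_fdb_update() ignores ports that are not learning or forwarding would help keep a later refactor from reintroducing the leak. The removal of the blank line before `return 0;` is an unrelated whitespace change and is better left out of a fix.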