linux.git/net/bridge, branch v2.6.25 Linux kernel source tree [BRIDGE]: Fix crash in __ip_route_output_key with bridge netfilter 2008-04-14T07:46:01+00:00 Patrick McHardy kaber@trash.net 2008-04-14T07:46:01+00:00 159d83363b629c91d020734207c1bc788b96af5a The bridge netfilter code attaches a fake dst_entry with a pointer to a fake net_device structure to skbs it passes up to IPv4 netfilter. This leads to crashes when the skb is passed to __ip_route_output_key when dereferencing the namespace pointer. Since bridging can currently only operate in the init_net namespace, the easiest fix for now is to initialize the nd_net pointer of the fake net_device struct to &init_net. Should fix bugzilla 10323: http://bugzilla.kernel.org/show_bug.cgi?id=10323 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
The bridge netfilter code attaches a fake dst_entry with a pointer to a
fake net_device structure to skbs it passes up to IPv4 netfilter. This
leads to crashes when the skb is passed to __ip_route_output_key when
dereferencing the namespace pointer.

Since bridging can currently only operate in the init_net namespace,
the easiest fix for now is to initialize the nd_net pointer of the
fake net_device struct to &init_net.

Should fix bugzilla 10323: http://bugzilla.kernel.org/show_bug.cgi?id=10323

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
bridge: use time_before() in br_fdb_cleanup() 2008-03-20T22:54:58+00:00 Fabio Checconi fabio@gandalf.sssup.it 2008-03-20T22:54:58+00:00 2bec008ca9fd009aa503b75344d1c22da9256141 In br_fdb_cleanup() next_timer and this_timer are in jiffies, so they should be compared using the time_after() macro. Signed-off-by: Fabio Checconi <fabio@gandalf.sssup.it> Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net> 
In br_fdb_cleanup() next_timer and this_timer are in jiffies, so they
should be compared using the time_after() macro.

Signed-off-by: Fabio Checconi <fabio@gandalf.sssup.it>
Signed-off-by: Stephen Hemminger <stephen.hemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: fix ebtable targets return 2008-02-24T04:22:27+00:00 Joonwoo Park joonwpark81@gmail.com 2008-02-24T04:22:27+00:00 1b04ab4597725f75f94942da9aa40daa7b9a4bd9 The function ebt_do_table doesn't take NF_DROP as a verdict from the targets. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
The function ebt_do_table doesn't take NF_DROP as a verdict from the targets.

Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: Fix incorrect use of skb_make_writable 2008-02-20T01:18:47+00:00 Joonwoo Park joonwpark81@gmail.com 2008-02-20T01:18:47+00:00 eb1197bc0e20d3ceb450883dbd181460252f0306 http://bugzilla.kernel.org/show_bug.cgi?id=9920 The function skb_make_writable returns true or false. Signed-off-by: Joonwoo Park <joonwpark81@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
http://bugzilla.kernel.org/show_bug.cgi?id=9920
The function skb_make_writable returns true or false.

Signed-off-by: Joonwoo Park <joonwpark81@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: ebtables: mark matches, targets and watchers __read_mostly 2008-02-01T03:27:34+00:00 Jan Engelhardt jengelh@computergmbh.de 2008-01-31T12:00:59+00:00 30083c9500b8aa3bc48579eaadb5068ad057afbd Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: ebtables: Update modules' descriptions 2008-02-01T03:27:33+00:00 Jan Engelhardt jengelh@computergmbh.de 2008-01-31T12:00:30+00:00 f776c4cda449bab463f5388eb07bd63dc52e2b13 Update the MODULES_DESCRIPTION() tags for all Ebtables modules. Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Update the MODULES_DESCRIPTION() tags for all Ebtables modules.

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: ebtables: remove casts, use consts 2008-02-01T03:27:33+00:00 Jan Engelhardt jengelh@computergmbh.de 2008-01-31T11:59:24+00:00 abfdf1c48907f78ad7d943b77ea180bf5504564f Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETFILTER]: bridge netfilter: remove nf_bridge_info read-only netoutdev member 2008-02-01T03:27:29+00:00 Patrick McHardy kaber@trash.net 2008-01-31T11:56:35+00:00 2fd8e526f44beaf439f351b310648b559e62a7cb Before the removal of the deferred output hooks, netoutdev was used in case of VLANs on top of a bridge to store the VLAN device, so the deferred hooks would see the correct output device. This isn't necessary anymore since we're calling the output hooks for the correct device directly in the IP stack. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 
Before the removal of the deferred output hooks, netoutdev was used in
case of VLANs on top of a bridge to store the VLAN device, so the
deferred hooks would see the correct output device. This isn't
necessary anymore since we're calling the output hooks for the correct
device directly in the IP stack.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETNS]: Add namespace parameter to ip_route_output_key. 2008-01-28T23:11:07+00:00 Denis V. Lunev den@openvz.org 2008-01-23T06:07:34+00:00 f206351a50ea86250fabea96b9af8d8f8fc02603 Needed to propagate it down to the ip_route_output_flow. Signed-off-by: Denis V. Lunev <den@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Needed to propagate it down to the ip_route_output_flow.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[NETNS]: Consolidate kernel netlink socket destruction. 2008-01-28T23:08:07+00:00 Denis V. Lunev den@openvz.org 2008-01-28T22:41:19+00:00 b7c6ba6eb1234e35a74fb8ba8123232a7b1ba9e4 Create a specific helper for netlink kernel socket disposal. This just let the code look better and provides a ground for proper disposal inside a namespace. Signed-off-by: Denis V. Lunev <den@openvz.org> Tested-by: Alexey Dobriyan <adobriyan@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net> 
Create a specific helper for netlink kernel socket disposal. This just
let the code look better and provides a ground for proper disposal
inside a namespace.

Signed-off-by: Denis V. Lunev <den@openvz.org>
Tested-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>