[B.A.T.M.A.N.] [PATCH maint 1/2] Revert "batman-adv: free nf_bridge member on locally delivered skb"

[B.A.T.M.A.N.] [PATCH maint 1/2] Revert "batman-adv: free nf_bridge member on locally delivered skb"

[Antonio Quartulli]

This reverts commit 9048eb62124f47f66d12eb1d706ab5fb265553f7.

This fix can be implemented using the nf_Reset() helper
instead of partly reimplementing it with a batman-adv
private function.

Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
---
 soft-interface.c |  8 --------
 soft-interface.h | 16 ----------------
 2 files changed, 24 deletions(-)

diff --git a/soft-interface.c b/soft-interface.c
index 5dd1247..33b6144 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -371,14 +371,6 @@ void batadv_interface_rx(struct net_device *soft_iface,
 	if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest))
 		goto dropped;
 
-	/* Clean the netfilter state before delivering the skb.
-	 * This packet may have traversed a bridge when it was encapsulated into
-	 * the batman header. Now that the header has been removed, the
-	 * netfilter state must be cleaned up to avoid to mess up with a
-	 * possible second bridge
-	 */
-	batadv_nf_bridge_skb_free(skb);
-
 	netif_rx(skb);
 	goto out;
 
diff --git a/soft-interface.h b/soft-interface.h
index 5c19c42..2f2472c 100644
--- a/soft-interface.h
+++ b/soft-interface.h
@@ -29,20 +29,4 @@ void batadv_softif_destroy_sysfs(struct net_device *soft_iface);
 int batadv_softif_is_valid(const struct net_device *net_dev);
 extern struct rtnl_link_ops batadv_link_ops;
 
-#ifdef CONFIG_BRIDGE_NETFILTER
-/**
- * batadv_nf_bridge_skb_free - clean the NF bridge data in an skb
- * @skb: the skb which nf data has to be free'd
- */
-static inline void batadv_nf_bridge_skb_free(struct sk_buff *skb)
-{
-	nf_bridge_put(skb->nf_bridge);
-	skb->nf_bridge = NULL;
-}
-#else
-static inline void batadv_nf_bridge_skb_free(struct sk_buff *skb)
-{
-}
-#endif /* CONFIG_BRIDGE_NETFILTER */
-
 #endif /* _NET_BATMAN_ADV_SOFT_INTERFACE_H_ */
-- 
1.8.5.2

[B.A.T.M.A.N.] [PATCH maint 2/2] batman-adv: clean nf state when removing protocol header

[Antonio Quartulli]

If an interface enslaved into batman-adv is a bridge (or a
virtual interface built on top of a bridge) the nf_bridge
member of the skbs reaching the soft-interface is filled
with the state about "netfilter bridge" operations.

Then, if one of such skbs is locally delivered, the nf_bridge
member should be cleaned up to avoid that the old state
could mess up with other "netfilter bridge" operations when
entering a second bridge.
This is needed because batman-adv is an encapsulation
protocol.

However at the moment skb->nf_bridge is not released at all
leading to bogus "netfilter bridge" behaviours.

Fix this by cleaning the netfilter state of the skb before
it gets delivered to the upper layer in interface_rx().

Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
---
 soft-interface.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/soft-interface.c b/soft-interface.c
index 33b6144..08086cf 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -324,6 +324,11 @@ void batadv_interface_rx(struct net_device *soft_iface,
 	skb_pull_rcsum(skb, hdr_size);
 	skb_reset_mac_header(skb);
 
+	/* clean the netfilter state now that the batman-adv header has been
+	 * removed
+	 */
+	nf_reset(skb);
+
 	ethhdr = eth_hdr(skb);
 
 	switch (ntohs(ethhdr->h_proto)) {
-- 
1.8.5.2

Re: [B.A.T.M.A.N.] [PATCH maint 1/2] Revert "batman-adv: free nf_bridge member on locally delivered skb"

[Marek Lindner]

[-- Attachment #1: Type: text/plain, Size: 487 bytes --]

On Monday 23 December 2013 01:28:04 Antonio Quartulli wrote:
> This reverts commit 9048eb62124f47f66d12eb1d706ab5fb265553f7.
> 
> This fix can be implemented using the nf_Reset() helper
> instead of partly reimplementing it with a batman-adv
> private function.
> 
> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
> ---
>  soft-interface.c |  8 --------
>  soft-interface.h | 16 ----------------
>  2 files changed, 24 deletions(-)

Applied in revision 6bd723.

Thanks,
Marek

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

Re: [B.A.T.M.A.N.] [PATCH maint 2/2] batman-adv: clean nf state when removing protocol header

[Marek Lindner]

[-- Attachment #1: Type: text/plain, Size: 994 bytes --]

On Monday 23 December 2013 01:28:05 Antonio Quartulli wrote:
> If an interface enslaved into batman-adv is a bridge (or a
> virtual interface built on top of a bridge) the nf_bridge
> member of the skbs reaching the soft-interface is filled
> with the state about "netfilter bridge" operations.
> 
> Then, if one of such skbs is locally delivered, the nf_bridge
> member should be cleaned up to avoid that the old state
> could mess up with other "netfilter bridge" operations when
> entering a second bridge.
> This is needed because batman-adv is an encapsulation
> protocol.
> 
> However at the moment skb->nf_bridge is not released at all
> leading to bogus "netfilter bridge" behaviours.
> 
> Fix this by cleaning the netfilter state of the skb before
> it gets delivered to the upper layer in interface_rx().
> 
> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
> ---
>  soft-interface.c | 5 +++++
>  1 file changed, 5 insertions(+)

Applied in revision 1356028.

Thanks,
Marek

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 490 bytes --]