[B.A.T.M.A.N.] [PATCH maint] batman-adv: free nf_bridge member on locally delivered skb

[B.A.T.M.A.N.] [PATCH maint] batman-adv: free nf_bridge member on locally delivered skb

[Antonio Quartulli]

If an interface enslaved into batman-adv is a bridge (or a
virtual interface built on top of a bridge) the nf_bridge
member of the skbs reaching the soft-interface is filled
with the state about "netfilter bridge" operations.

Then, if one of such skbs is locally delivered, the nf_bridge
member should be cleaned up to avoid that the old state
could mess up with other "netfilter bridge" operations when
entering a second bridge.
This is needed because batman-adv is an encapsulation
protocol.

However at the moment skb->nf_bridge is not released at all
leading to bogus "netfilter bridge" behaviours.
Fix this by releasing skb->nf_bridge before an skb gets
delivered to the upper layer in interface_rx().

Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
---
 soft-interface.c |  8 ++++++++
 soft-interface.h | 16 ++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/soft-interface.c b/soft-interface.c
index 33b6144..5dd1247 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -371,6 +371,14 @@ void batadv_interface_rx(struct net_device *soft_iface,
 	if (batadv_is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest))
 		goto dropped;
 
+	/* Clean the netfilter state before delivering the skb.
+	 * This packet may have traversed a bridge when it was encapsulated into
+	 * the batman header. Now that the header has been removed, the
+	 * netfilter state must be cleaned up to avoid to mess up with a
+	 * possible second bridge
+	 */
+	batadv_nf_bridge_skb_free(skb);
+
 	netif_rx(skb);
 	goto out;
 
diff --git a/soft-interface.h b/soft-interface.h
index 2f2472c..5c19c42 100644
--- a/soft-interface.h
+++ b/soft-interface.h
@@ -29,4 +29,20 @@ void batadv_softif_destroy_sysfs(struct net_device *soft_iface);
 int batadv_softif_is_valid(const struct net_device *net_dev);
 extern struct rtnl_link_ops batadv_link_ops;
 
+#ifdef CONFIG_BRIDGE_NETFILTER
+/**
+ * batadv_nf_bridge_skb_free - clean the NF bridge data in an skb
+ * @skb: the skb which nf data has to be free'd
+ */
+static inline void batadv_nf_bridge_skb_free(struct sk_buff *skb)
+{
+	nf_bridge_put(skb->nf_bridge);
+	skb->nf_bridge = NULL;
+}
+#else
+static inline void batadv_nf_bridge_skb_free(struct sk_buff *skb)
+{
+}
+#endif /* CONFIG_BRIDGE_NETFILTER */
+
 #endif /* _NET_BATMAN_ADV_SOFT_INTERFACE_H_ */
-- 
1.8.5.1

Re: [B.A.T.M.A.N.] [PATCH maint] batman-adv: free nf_bridge member on locally delivered skb

[Marek Lindner]

[-- Attachment #1: Type: text/plain, Size: 1028 bytes --]

On Friday 06 December 2013 15:07:15 Antonio Quartulli wrote:
> If an interface enslaved into batman-adv is a bridge (or a
> virtual interface built on top of a bridge) the nf_bridge
> member of the skbs reaching the soft-interface is filled
> with the state about "netfilter bridge" operations.
> 
> Then, if one of such skbs is locally delivered, the nf_bridge
> member should be cleaned up to avoid that the old state
> could mess up with other "netfilter bridge" operations when
> entering a second bridge.
> This is needed because batman-adv is an encapsulation
> protocol.
> 
> However at the moment skb->nf_bridge is not released at all
> leading to bogus "netfilter bridge" behaviours.
> Fix this by releasing skb->nf_bridge before an skb gets
> delivered to the upper layer in interface_rx().
> 
> Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
> ---
>  soft-interface.c |  8 ++++++++
>  soft-interface.h | 16 ++++++++++++++++
>  2 files changed, 24 insertions(+)

Applied in revision 9048eb6.

Thanks,
Marek

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 490 bytes --]