From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1428512AbdDYJKo (ORCPT ); Tue, 25 Apr 2017 05:10:44 -0400 Received: from mail.us.es ([193.147.175.20]:46058 "EHLO mail.us.es" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1428475AbdDYJKa (ORCPT ); Tue, 25 Apr 2017 05:10:30 -0400 Date: Tue, 25 Apr 2017 11:10:22 +0200 From: Pablo Neira Ayuso To: Linus =?iso-8859-1?Q?L=FCssing?= Cc: netdev@vger.kernel.org, "David S . Miller" , Stephen Hemminger , Jozsef Kadlecsik , bridge@lists.linux-foundation.org, netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH net v3] bridge: ebtables: fix reception of frames DNAT-ed to bridge device/port Message-ID: <20170425091022.GB2930@salvia> References: <20170419194733.19006-1-linus.luessing@c0d3.blue> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20170419194733.19006-1-linus.luessing@c0d3.blue> User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Apr 19, 2017 at 09:47:33PM +0200, Linus Lüssing wrote: > When trying to redirect bridged frames to the bridge device itself or > a bridge port (brouting) via the dnat target then this currently fails: > > The ethernet destination of the frame is dnat'ed to the MAC address of > the bridge device or port just fine. However, the IP code drops it in > the beginning of ip_input.c/ip_rcv() as the dnat target left > the skb->pkt_type as PACKET_OTHERHOST. > > Fixing this by resetting skb->pkt_type to an appropriate type after > dnat'ing. Applied, thanks. One comment below. > @@ -18,11 +19,32 @@ static unsigned int > ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par) > { > const struct ebt_nat_info *info = par->targinfo; > + struct net_device *dev; > > if (!skb_make_writable(skb, 0)) > return EBT_DROP; > > ether_addr_copy(eth_hdr(skb)->h_dest, info->mac); > + > + if (is_multicast_ether_addr(info->mac)) { > + if (is_broadcast_ether_addr(info->mac)) > + skb->pkt_type = PACKET_BROADCAST; > + else > + skb->pkt_type = PACKET_MULTICAST; > + } else { > + rcu_read_lock(); I'm going to manually remove this explicit rcu_read_lock() here, no need to resend. We're guaranteed to run from packet path with read side lock from netfilter hooks. So we just save some cycles from running this unnecessary nesting. Let me know if I'm missing anything. Thanks!