Netfilter-Devel Archive on lore.kernel.org
* ebtables dnat rule gets system frozen
@ 2019-11-03 11:14 Tom Yan
From: Tom Yan @ 2019-11-03 11:14 UTC (permalink / raw)
  To: netfilter-devel; +Cc: netfilter

Kernel version being 5.3.8, after adding a dnat rule (to the OUTPUT
chain) with ebtables-nft in iptables 1.8.3, my system is frozen as
soon as I ping anything. I couldn't catch anything with dmesg -w. Can
anyone reproduce the same issue? I am on Arch Linux.


* Re: ebtables dnat rule gets system frozen
From: Florian Westphal @ 2019-11-03 19:16 UTC (permalink / raw)
  To: Tom Yan; +Cc: netfilter-devel, netfilter

Tom Yan <tom.ty89@gmail.com> wrote:
> Kernel version being 5.3.8, after adding a dnat rule (to the OUTPUT
> chain) with ebtables-nft in iptables 1.8.3, my system is frozen as
> soon as I ping anything. I couldn't catch anything with dmesg -w. Can
> anyone reproduce the same issue? I am on Arch Linux.

Yes, investigating.


* [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains
From: Florian Westphal @ 2019-11-03 19:54 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Florian Westphal, Tom Yan, Linus Lüssing

xt_in() returns NULL in the output hook, so skip the pkt_type change for
that case; redirection only makes sense in broute/prerouting hooks.

Reported-by: Tom Yan <tom.ty89@gmail.com>
Cc: Linus Lüssing <linus.luessing@c0d3.blue>
Fixes: cf3cb246e277d ("bridge: ebtables: fix reception of frames DNAT-ed to bridge device/port")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/bridge/netfilter/ebt_dnat.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/net/bridge/netfilter/ebt_dnat.c b/net/bridge/netfilter/ebt_dnat.c
index ed91ea31978a..12a4f4d93681 100644
--- a/net/bridge/netfilter/ebt_dnat.c
+++ b/net/bridge/netfilter/ebt_dnat.c
@@ -20,7 +20,6 @@ static unsigned int
 ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par)
 {
 	const struct ebt_nat_info *info = par->targinfo;
-	struct net_device *dev;
 
 	if (skb_ensure_writable(skb, ETH_ALEN))
 		return EBT_DROP;
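Review bot: dropping the function-scope `dev` here only makes sense together with the second hunk, which redeclares it as `const struct net_device *dev` inside the else branch; the narrower scope is an improvement because `dev` is only read there, and `const` is correct since the one remaining use is `ether_addr_equal(info->mac, dev->dev_addr)`. No functional concern with this hunk on its own.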
@@ -33,10 +32,22 @@ ebt_dnat_tg(struct sk_buff *skb, const struct xt_action_param *par)
 		else
 			skb->pkt_type = PACKET_MULTICAST;
 	} else {
-		if (xt_hooknum(par) != NF_BR_BROUTING)
-			dev = br_port_get_rcu(xt_in(par))->br->dev;
-		else
+		const struct net_device *dev;
+
+		switch (xt_hooknum(par)) {
+		case NF_BR_BROUTING:
 			dev = xt_in(par);
+			break;
+		case NF_BR_PRE_ROUTING:
+			dev = br_port_get_rcu(xt_in(par))->br->dev;
+			break;
+		default:
+			dev = NULL;
+			break;
+		}
+
+		if (!dev) /* NF_BR_LOCAL_OUT */
+			return info->target;
 
 		if (ether_addr_equal(info->mac, dev->dev_addr))
 			skb->pkt_type = PACKET_HOST;
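Review bot: the `default:` arm maps every hook other than NF_BR_BROUTING and NF_BR_PRE_ROUTING to `dev = NULL`, so the `/* NF_BR_LOCAL_OUT */` comment on `if (!dev)` understates what it covers; if the target is also usable in forward, input or postrouting chains, those now return `info->target` without touching pkt_type as well, which may be intended but should be stated in the comment or the commit message. Consider returning `info->target` directly from the `default:` arm (or an explicit `case NF_BR_LOCAL_OUT:`) so the early exit is visible at the switch and the later `dev->dev_addr` dereference is obviously reached only with a non-NULL pointer. The pre-patch line `dev = br_port_get_rcu(xt_in(par))->br->dev` dereferenced `xt_in(par)` for every non-broute hook, which is the NULL dereference in the output chain that the report describes; the NF_BR_PRE_ROUTING arm keeps that unchecked dereference, which is fine only as long as xt_in() is guaranteed non-NULL in that hook.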
-- 
2.23.0



* Re: [PATCH nf] bridge: ebtables: don't crash when using dnat target in output chains
From: Pablo Neira Ayuso @ 2019-11-04 19:19 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netfilter-devel, Tom Yan, Linus Lüssing

On Sun, Nov 03, 2019 at 08:54:28PM +0100, Florian Westphal wrote:
> xt_in() returns NULL in the output hook, so skip the pkt_type change for
> that case; redirection only makes sense in broute/prerouting hooks.

Applied, thanks.
