Stephen Hemminger
2007-Apr-18 17:22 UTC
[Bridge] VLAN handling in br_netfilter.c:br_nf_pre_routing
On Tue, 15 Aug 2006 23:31:21 -0400 "Jon Sjoberg" <jsjoberg@djasolutions.com> wrote:> Hi all, > > Noticed that br_nf_pre_routing has some code to handle VLANs, but does not > update the nh header. This appears to cause the IP validity checks to fail > (i.e. "if (iph->ihl < 5..."). > > There is a check: > if (skb->protocol == __constant_htons(ETH_P_8021Q)){ > sk_pull(skb, VLAN_HLEN); > } > > If this was changed to: > if (skb->protocol == __constant_htons(ETH_P_8021Q)){ > sk_pull(skb, VLAN_HLEN); > skb->nh.raw += VLAN_HLEN; > } > > the checks pass. Note that this updated behavior is already doen elsewhere > in the code. > > Thanks, > JonYou are looking at old code, it was fixed in the current 2.6 tree. The skb_pull had to be changed to skb_pull_rcsum as well.
Jon Sjoberg
2007-Apr-18 17:22 UTC
[Bridge] VLAN handling in br_netfilter.c:br_nf_pre_routing
Hi all,
Noticed that br_nf_pre_routing has some code to handle VLANs, but does not
update the nh header. This appears to cause the IP validity checks to fail
(i.e. "if (iph->ihl < 5...").
There is a check:
if (skb->protocol == __constant_htons(ETH_P_8021Q)){
sk_pull(skb, VLAN_HLEN);
}
If this was changed to:
if (skb->protocol == __constant_htons(ETH_P_8021Q)){
sk_pull(skb, VLAN_HLEN);
skb->nh.raw += VLAN_HLEN;
}
the checks pass. Note that this updated behavior is already doen elsewhere
in the code.
Thanks,
Jon
----------------------------------------------------------------
Jon Sjoberg
DJA Solutions
E-mail: jsjoberg@djasolutions.com
Phone: 978.448.3659