Kernel bridge driver dropping packets as "invalid header"
Bug #1065150 reported by Sarveshwar Bandi
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
The Emulex project | Fix Released | Medium | Jesse Sung |
linux (Ubuntu) | Fix Released | Undecided | Jesse Sung |
Precise | Fix Released | Undecided | Jesse Sung |
Quantal | Fix Released | Undecided | Jesse Sung |
Bug Description
When the upstream patch mentioned below was applied to 12.04, it exposed a bug in the kernel bridge driver in linux-image-
commit ac1ae5f33fd225f
Author: Eric Dumazet <email address hidden>
Date: Fri Jul 13 03:19:41 2012 +0000
be2net: dont pull too much data in skb linear part
This caused the bridge driver to drop IP packets as "invalid header". I have sent a patch which fixes this issue in the upstream kernel (net tree). This patch will need to be pulled into Ubuntu once it is accepted upstream.
Thanks,
Sarvesh
Changed in emulex:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Jesse Sung (wenchien)
Changed in emulex:
status: Confirmed → In Progress
Changed in linux (Ubuntu Precise):
assignee: nobody → Jesse Sung (wenchien)
status: New → Fix Committed
Changed in linux (Ubuntu Quantal):
assignee: nobody → Jesse Sung (wenchien)
status: New → Fix Committed
Changed in emulex:
status: In Progress → Fix Committed
tags: added: verification-done-quantal; removed: verification-needed-quantal
Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Changed in emulex:
status: Fix Committed → Fix Released
Here is the patch submitted to upstream net tree. Waiting for it to be accepted:
From: Sarveshwar Bandi <email address hidden>
If lower layer driver leaves the ip header in the skb fragment, it needs to be first pulled into skb->data before inspecting ip header length or ip version number.
Signed-off-by: Sarveshwar Bandi <email address hidden> br_netfilter. c | 3 +++
---
net/bridge/
1 file changed, 3 insertions(+)
diff --git a/net/bridge/ br_netfilter. c b/net/bridge/ br_netfilter. c index 68e8f36..fe43bc7 100644 br_netfilter. c br_netfilter. c ip_options( struct sk_buff *skb)
--- a/net/bridge/
+++ b/net/bridge/
@@ -265,6 +265,9 @@ static int br_parse_
struct net_device *dev = skb->dev;
u32 len;
+ if (!pskb_ may_pull( skb, sizeof(struct iphdr)))
+ goto inhdr_error;
+
iph = ip_hdr(skb);
opt = &(IPCB(skb)->opt);
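Review bot: the added pskb_may_pull() check just before iph = ip_hdr(skb) only guarantees sizeof(struct iphdr) bytes in the linear area, yet this function parses IP options, which lie beyond that fixed header. Confirm that the rest of the function pulls the full header length (iph->ihl * 4) before it reads any option bytes, and that it re-reads iph with ip_hdr(skb) after that pull, since a pull can move skb->data. A one-line comment above the new check noting that the lower-layer driver may leave the IP header in a fragment would also help later readers.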
--
1.7.9.5
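The failure mode the patch description refers to, as an added example that is not part of the original bug report or the kernel source: a toy userspace model in which the IP header sits in a fragment, so a version/ihl check that reads the linear area without pulling first rejects a valid packet. The toy_* names and the sample header are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy userspace model of an sk_buff; every name is hypothetical, not a kernel API. */
struct toy_skb {
    uint8_t linear[64];    /* models skb->data */
    size_t linear_len;     /* valid bytes in linear[] */
    const uint8_t *frag;   /* models the first page fragment */
    size_t frag_len;
};

/* Constructed sample: minimal IPv4 header (version 4, ihl 5), kept in the fragment. */
static const uint8_t sample_hdr[20] = { 0x45, 0, 0, 20, [8] = 64, [9] = 17 };

static struct toy_skb toy_frag_only(size_t frag_len)
{
    return (struct toy_skb){ .frag = sample_hdr, .frag_len = frag_len };
}

/* Models pskb_may_pull(): ensure the first `need` bytes are linear. */
static int toy_may_pull(struct toy_skb *skb, size_t need)
{
    if (need <= skb->linear_len)
        return 1;
    size_t missing = need - skb->linear_len;
    if (need > sizeof(skb->linear) || missing > skb->frag_len)
        return 0;          /* packet is genuinely too short */
    memcpy(skb->linear + skb->linear_len, skb->frag, missing);
    skb->linear_len += missing;
    skb->frag += missing;
    skb->frag_len -= missing;
    return 1;
}

/* Version/ihl check; do_pull == 0 models the code before the patch. */
static int toy_validate_ip(struct toy_skb *skb, int do_pull)
{
    if (do_pull && !toy_may_pull(skb, sizeof(sample_hdr)))
        return -1;         /* corresponds to goto inhdr_error */
    uint8_t vihl = skb->linear[0];   /* version in high nibble, ihl in low */
    return ((vihl >> 4) == 4 && (vihl & 0x0f) >= 5) ? 0 : -1;
}

int main(void)
{
    struct toy_skb a = toy_frag_only(20), b = toy_frag_only(20);
    printf("no pull: %d, pulled: %d\n", toy_validate_ip(&a, 0), toy_validate_ip(&b, 1));
    return 0;
}
```

A truncated packet (fewer than 20 bytes available in the fragment) still fails with the pull in place, which is the case the goto inhdr_error path is for.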