<feed xmlns='http://www.w3.org/2005/Atom'>
<title>user/sven/linux.git/net/bridge, branch v3.3.5</title>
<subtitle>Linux Kernel
</subtitle>
<id>https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.3.5</id>
<link rel='self' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.3.5'/>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/'/>
<updated>2012-04-27T17:16:54Z</updated>
<entry>
<title>bridge: Do not send queries on multicast group leaves</title>
<updated>2012-04-27T17:16:54Z</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2012-04-04T01:01:20Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=e4d90d800592947e994f3276cf065ca25c836e8c'/>
<id>urn:sha1:e4d90d800592947e994f3276cf065ca25c836e8c</id>
<content type='text'>
[ Upstream commit 996304bbea3d2a094b7ba54c3bd65d3fffeac57b ]

As it stands the bridge IGMP snooping system will respond to
group leave messages with queries for remaining membership.
This is both unnecessary and undesirable.  First of all any
multicast routers present should be doing this rather than us.
What's more the queries that we send may end up upsetting other
multicast snooping switches in the system that are buggy.

In fact, we can simply remove the code that sends these queries
because the existing membership expiry mechanism doesn't rely
on them anyway.

So this patch simply removes all code associated with group
queries in response to group leave messages.

Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bridge: fix state reporting when port is disabled</title>
<updated>2012-03-08T08:25:25Z</updated>
<author>
<name>Paulius Zaleckas</name>
<email>paulius.zaleckas@gmail.com</email>
</author>
<published>2012-03-06T22:25:22Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=5200959b833ddacf28b6ffce8c331dfd6e0ca797'/>
<id>urn:sha1:5200959b833ddacf28b6ffce8c331dfd6e0ca797</id>
<content type='text'>
Now we have:
eth0: link *down*
br0: port 1(eth0) entered *forwarding* state

br_log_state(p) should be called *after* p-&gt;state is set
to BR_STATE_DISABLED.

Reported-by: Zilvinas Valinskas &lt;zilvinas@wilibox.com&gt;
Signed-off-by: Paulius Zaleckas &lt;paulius.zaleckas@gmail.com&gt;
Acked-by: Stephen Hemminger &lt;shemminger@vyatta.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>bridge: br_log_state() s/entering/entered/</title>
<updated>2012-03-08T08:25:25Z</updated>
<author>
<name>Paulius Zaleckas</name>
<email>paulius.zaleckas@gmail.com</email>
</author>
<published>2012-03-06T22:25:14Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=d9e179ecec0805c41b17f9a0c3b925d415677772'/>
<id>urn:sha1:d9e179ecec0805c41b17f9a0c3b925d415677772</id>
<content type='text'>
When br_log_state() is reporting state it should say "entered"
instead of "entering" since state at this point is already
changed.

Signed-off-by: Paulius Zaleckas &lt;paulius.zaleckas@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>bridge: netfilter: don't call iptables on vlan packets if sysctl is off</title>
<updated>2012-03-06T19:43:49Z</updated>
<author>
<name>Florian Westphal</name>
<email>fw@strlen.de</email>
</author>
<published>2012-03-06T01:22:54Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=739e4505a0e8209622dc71743bfa1c804eacf7f4'/>
<id>urn:sha1:739e4505a0e8209622dc71743bfa1c804eacf7f4</id>
<content type='text'>
When net.bridge.bridge-nf-filter-vlan-tagged is 0 (default), vlan packets
arriving should not be sent to ip(6)tables by bridge netfilter.

However, it turns out that we currently always send VLAN packets to
netfilter, if ..
a), CONFIG_VLAN_8021Q is enabled ; or
b), CONFIG_VLAN_8021Q is not set but rx vlan offload is enabled
   on the bridge port.

This is because bridge netfilter treats skb with
skb-&gt;protocol == ETH_P_IP{V6} as "non-vlan packet".

With rx vlan offload on or CONFIG_VLAN_8021Q=y, the vlan header has
already been removed here, and we cannot rely on skb-&gt;protocol alone.

Fix this by only using skb-&gt;protocol if the skb has no vlan tag,
or if a vlan tag is present and filter-vlan-tagged bridge netfilter
sysctl is enabled.

We cannot remove the skb-&gt;protocol == htons(ETH_P_8021Q) test
because the vlan tag is still around in the CONFIG_VLAN_8021Q=n &amp;&amp;
"ethtool -K $itf rxvlan off" case.

reproducer:
iptables -t raw -I PREROUTING -i br0
iptables -t raw -I PREROUTING -i br0.1

Then send packets to an ip address configured on br0.1 interface.
Even with net.bridge.bridge-nf-filter-vlan-tagged=0, the 1st rule
will match instead of the 2nd one.

With this patch applied, the 2nd rule will match instead.
In the non-local address case, netfilter won't be consulted after
this patch unless the sysctl is switched on.

Signed-off-by: Florian Westphal &lt;fw@strlen.de&gt;
Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>netfilter: bridge: fix wrong pointer dereference</title>
<updated>2012-03-06T19:43:49Z</updated>
<author>
<name>Pablo Neira Ayuso</name>
<email>pablo@netfilter.org</email>
</author>
<published>2012-03-06T01:22:53Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=a157b9d5b5b626e46eba2ac4e342da8db25cabc4'/>
<id>urn:sha1:a157b9d5b5b626e46eba2ac4e342da8db25cabc4</id>
<content type='text'>
In adf7ff8, an invalid dereference was added in ebt_make_names.

CC [M]  net/bridge/netfilter/ebtables.o
net/bridge/netfilter/ebtables.c: In function `ebt_make_names':
net/bridge/netfilter/ebtables.c:1371:20: warning: `t' may be used uninitialized in this function [-Wuninitialized]

Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>netfilter: ebtables: fix wrong name length while copying to user-space</title>
<updated>2012-03-06T19:43:49Z</updated>
<author>
<name>Santosh Nayak</name>
<email>santoshprasadnayak@gmail.com</email>
</author>
<published>2012-03-06T01:22:50Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=848edc69192a38bf9d261032f248b14f47e6af8b'/>
<id>urn:sha1:848edc69192a38bf9d261032f248b14f47e6af8b</id>
<content type='text'>
user-space ebtables expects 32 bytes-long names, but xt_match names
use 29 bytes. We have to copy less 29 bytes and then, make sure we
fill the remaining bytes with zeroes.

Signed-off-by: Santosh Nayak &lt;santoshprasadnayak@gmail.com&gt;
Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>bridge: check return value of ipv6_dev_get_saddr()</title>
<updated>2012-03-05T21:45:34Z</updated>
<author>
<name>Ulrich Weber</name>
<email>ulrich.weber@sophos.com</email>
</author>
<published>2012-03-05T04:52:44Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=d1d81d4c3dd886d5fa25a2c4fa1e39cb89613712'/>
<id>urn:sha1:d1d81d4c3dd886d5fa25a2c4fa1e39cb89613712</id>
<content type='text'>
otherwise source IPv6 address of ICMPV6_MGM_QUERY packet
might be random junk if IPv6 is disabled on interface or
link-local address is not yet ready (DAD).

Signed-off-by: Ulrich Weber &lt;ulrich.weber@sophos.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>bridge: message age needs to increase, not decrease.</title>
<updated>2012-03-05T02:57:40Z</updated>
<author>
<name>Joakim Tjernlund</name>
<email>joakim.tjernlund@transmode.se</email>
</author>
<published>2012-03-01T08:12:19Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=709e1b5cd9e1915ad4f6c470ebf6b55d4a911d8c'/>
<id>urn:sha1:709e1b5cd9e1915ad4f6c470ebf6b55d4a911d8c</id>
<content type='text'>
commit bridge: send proper message_age in config BPDU
added this gem:
  bpdu.message_age = (jiffies - root-&gt;designated_age)
  p-&gt;designated_age = jiffies + bpdu-&gt;message_age;
Notice how bpdu-&gt;message_age is negated when reassigned to
bpdu.message_age. This causes message age to decrease breaking the
STP protocol.

Signed-off-by: Joakim Tjernlund &lt;Joakim.Tjernlund@transmode.se&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>bridge: Adjust min age inc for HZ &gt; 256</title>
<updated>2012-03-05T02:57:39Z</updated>
<author>
<name>Joakim Tjernlund</name>
<email>joakim.tjernlund@transmode.se</email>
</author>
<published>2012-03-01T08:12:18Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=aaca735f4f188641c4786af8f20ed39fcce3809c'/>
<id>urn:sha1:aaca735f4f188641c4786af8f20ed39fcce3809c</id>
<content type='text'>
min age increment needs to round up its min age tick for all
HZ values to guarantee message age is increasing.

Signed-off-by: Joakim Tjernlund &lt;Joakim.Tjernlund@transmode.se&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
</content>
</entry>
<entry>
<title>netfilter: bridge: fix module autoload in compat case</title>
<updated>2012-02-25T13:29:09Z</updated>
<author>
<name>Florian Westphal</name>
<email>fw@strlen.de</email>
</author>
<published>2012-02-22T15:14:32Z</published>
<link rel='alternate' type='text/html' href='https://git.stealer.net/cgit.cgi/user/sven/linux.git/commit/?id=e899b1119f1428f2b04dd7e9dba94864c33dd30b'/>
<id>urn:sha1:e899b1119f1428f2b04dd7e9dba94864c33dd30b</id>
<content type='text'>
We expected 0 if module doesn't exist, which is no longer the case
(42046e2e45c109ba703993c510401a11f716c8df,
netfilter: x_tables: return -ENOENT for non-existant matches/targets).

Signed-off-by: Florian Westphal &lt;fw@strlen.de&gt;
Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
</content>
</entry>
</feed>
