[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter-devel
Subject:    Re: [PATCH nf] netfilter: bridge: add support for ppoe filtering
From:       Pablo Neira Ayuso <pablo () netfilter ! org>
Date:       2021-11-30 22:16:14
Message-ID: YaairnnpCs3pd+Y3 () salvia
[Download RAW message or body]

On Tue, Nov 23, 2021 at 12:50:31PM +0100, Florian Westphal wrote:
> This makes 'bridge-nf-filter-pppoe-tagged' sysctl work for
> bridged traffic.
> 
> Looking at the original commit it doesn't appear this ever worked:
> 
>  static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb,
> [..]
>         if (skb->protocol == htons(ETH_P_8021Q)) {
>                 skb_pull(skb, VLAN_HLEN);
>                 skb->network_header += VLAN_HLEN;
> +       } else if (skb->protocol == htons(ETH_P_PPP_SES)) {
> +               skb_pull(skb, PPPOE_SES_HLEN);
> +               skb->network_header += PPPOE_SES_HLEN;
>         }
>  [..]
> 	NF_HOOK(... POST_ROUTING, ...)
> 
> ... but the adjusted offsets are never restored.
> 
> The alternative would be to rip this code out for good,
> but otoh we'd have to keep this anyway for the vlan handling
> (which works because vlan tag info is in the skb, not the packet
>  payload).

If this has never worked (day 0), then I'm inclined to apply this to
nf-next.

Applied, thanks
[prev in list] [next in list] [prev in thread] [next in thread]