diff options
| author | David S. Miller <davem@davemloft.net> | 2014-11-21 08:12:39 +0300 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-11-21 08:12:39 +0300 |
| commit | 7e09dccd07518729fe3cf586beb83acffa2e64ca (patch) | |
| tree | 2ef7558f6db8bd9fd7355d8194d1b5d871edf63f /net/bridge/br_multicast.c | |
| parent | c8577819009473311d5f74112e136f17d7859ee1 (diff) | |
| parent | f0b4eeced518c632210ef2aea44fc92cc9e86cce (diff) | |
| download | linux-7e09dccd07518729fe3cf586beb83acffa2e64ca.tar.xz | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains two bugfixes for your net tree, they are:
1) Validate netlink group from nfnetlink to avoid an out of bound array
access. This should only happen with superuser priviledges though.
Discovered by Andrey Ryabinin using trinity.
2) Don't push ethernet header before calling the netfilter output hook
for multicast traffic, this breaks ebtables since it expects to see
skb->data pointing to the network header, patch from Linus Luessing.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_multicast.c')
| -rw-r--r-- | net/bridge/br_multicast.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index 648d79ccf462..c465876c7861 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -813,10 +813,9 @@ static void __br_multicast_send_query(struct net_bridge *br, return; if (port) { - __skb_push(skb, sizeof(struct ethhdr)); skb->dev = port->dev; NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, - dev_queue_xmit); + br_dev_queue_push_xmit); } else { br_multicast_select_own_querier(br, ip, skb); netif_rx(skb); |