[BRIDGE]: prevent bad forwarding table updates
[linux-2.6] / net / bridge / br_input.c
1 /*
2  *      Handle incoming frames
3  *      Linux ethernet bridge
4  *
5  *      Authors:
6  *      Lennert Buytenhek               <buytenh@gnu.org>
7  *
8  *      $Id: br_input.c,v 1.10 2001/12/24 04:50:20 davem Exp $
9  *
10  *      This program is free software; you can redistribute it and/or
11  *      modify it under the terms of the GNU General Public License
12  *      as published by the Free Software Foundation; either version
13  *      2 of the License, or (at your option) any later version.
14  */
15
16 #include <linux/kernel.h>
17 #include <linux/netdevice.h>
18 #include <linux/etherdevice.h>
19 #include <linux/netfilter_bridge.h>
20 #include "br_private.h"
21
22 const unsigned char bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 };
23
24 static int br_pass_frame_up_finish(struct sk_buff *skb)
25 {
26 #ifdef CONFIG_NETFILTER_DEBUG
27         skb->nf_debug = 0;
28 #endif
29         netif_rx(skb);
30
31         return 0;
32 }
33
34 static void br_pass_frame_up(struct net_bridge *br, struct sk_buff *skb)
35 {
36         struct net_device *indev;
37
38         br->statistics.rx_packets++;
39         br->statistics.rx_bytes += skb->len;
40
41         indev = skb->dev;
42         skb->dev = br->dev;
43
44         NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL,
45                         br_pass_frame_up_finish);
46 }
47
48 /* note: already called with rcu_read_lock (preempt_disabled) */
49 int br_handle_frame_finish(struct sk_buff *skb)
50 {
51         const unsigned char *dest = eth_hdr(skb)->h_dest;
52         struct net_bridge_port *p = skb->dev->br_port;
53         struct net_bridge *br = p->br;
54         struct net_bridge_fdb_entry *dst;
55         int passedup = 0;
56
57         /* insert into forwarding database after filtering to avoid spoofing */
58         br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
59
60         if (br->dev->flags & IFF_PROMISC) {
61                 struct sk_buff *skb2;
62
63                 skb2 = skb_clone(skb, GFP_ATOMIC);
64                 if (skb2 != NULL) {
65                         passedup = 1;
66                         br_pass_frame_up(br, skb2);
67                 }
68         }
69
70         if (dest[0] & 1) {
71                 br_flood_forward(br, skb, !passedup);
72                 if (!passedup)
73                         br_pass_frame_up(br, skb);
74                 goto out;
75         }
76
77         dst = __br_fdb_get(br, dest);
78         if (dst != NULL && dst->is_local) {
79                 if (!passedup)
80                         br_pass_frame_up(br, skb);
81                 else
82                         kfree_skb(skb);
83                 goto out;
84         }
85
86         if (dst != NULL) {
87                 br_forward(dst->dst, skb);
88                 goto out;
89         }
90
91         br_flood_forward(br, skb, 0);
92
93 out:
94         return 0;
95 }
96
97 /*
98  * Called via br_handle_frame_hook.
99  * Return 0 if *pskb should be processed furthur
100  *        1 if *pskb is handled
101  * note: already called with rcu_read_lock (preempt_disabled) 
102  */
103 int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
104 {
105         struct sk_buff *skb = *pskb;
106         const unsigned char *dest = eth_hdr(skb)->h_dest;
107
108         if (p->state == BR_STATE_DISABLED)
109                 goto err;
110
111         if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
112                 goto err;
113
114         if (p->state == BR_STATE_LEARNING)
115                 br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
116
117         if (p->br->stp_enabled &&
118             !memcmp(dest, bridge_ula, 5) &&
119             !(dest[5] & 0xF0)) {
120                 if (!dest[5]) {
121                         NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 
122                                 NULL, br_stp_handle_bpdu);
123                         return 1;
124                 }
125         }
126
127         else if (p->state == BR_STATE_FORWARDING) {
128                 if (br_should_route_hook) {
129                         if (br_should_route_hook(pskb)) 
130                                 return 0;
131                         skb = *pskb;
132                         dest = eth_hdr(skb)->h_dest;
133                 }
134
135                 if (!memcmp(p->br->dev->dev_addr, dest, ETH_ALEN))
136                         skb->pkt_type = PACKET_HOST;
137
138                 NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL,
139                         br_handle_frame_finish);
140                 return 1;
141         }
142
143 err:
144         kfree_skb(skb);
145         return 1;
146 }