]> err.no Git - linux-2.6/commitdiff
[BRIDGE]: filter packets in learning state
authorStephen Hemminger <shemminger@osdl.org>
Thu, 22 Dec 2005 03:00:18 +0000 (19:00 -0800)
committerDavid S. Miller <davem@sunset.davemloft.net>
Tue, 3 Jan 2006 21:11:02 +0000 (13:11 -0800)
While in the learning state, run filters but drop the result.
This prevents us from acquiring bad fdb entries in learning state.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/bridge/br_input.c

index b88220a64cd8e0a7009971cc09f6507fc3f9b117..c387852f753afaf5b37c62cad02bd3fc2877fac7 100644 (file)
@@ -53,6 +53,11 @@ int br_handle_frame_finish(struct sk_buff *skb)
        /* insert into forwarding database after filtering to avoid spoofing */
        br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
 
+       if (p->state == BR_STATE_LEARNING) {
+               kfree_skb(skb);
+               goto out;
+       }
+
        if (br->dev->flags & IFF_PROMISC) {
                struct sk_buff *skb2;
 
@@ -107,9 +112,6 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
        if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
                goto err;
 
-       if (p->state == BR_STATE_LEARNING)
-               br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
-
        if (p->br->stp_enabled &&
            !memcmp(dest, bridge_ula, 5) &&
            !(dest[5] & 0xF0)) {
@@ -118,9 +120,10 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
                                NULL, br_stp_handle_bpdu);
                        return 1;
                }
+               goto err;
        }
 
-       else if (p->state == BR_STATE_FORWARDING) {
+       if (p->state == BR_STATE_FORWARDING || p->state == BR_STATE_LEARNING) {
                if (br_should_route_hook) {
                        if (br_should_route_hook(pskb)) 
                                return 0;