On Fri, Oct 24, 2014 at 12:41:49PM +0200, Florian Westphal wrote: > Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > bridge: Do not compile options in br_parse_ip_options > > > > Commit 462fb2af9788a82a534f8184abfde31574e1cfa0 > > > > bridge : Sanitize skb before it enters the IP stack > > > > broke when IP options are actually used because it mangles the > > skb as if it entered the IP stack which is wrong because the > > bridge is supposed to operate below the IP stack. > > > > Since nobody has actually requested for parsing of IP options > > this patch fixes it by simply reverting to the previous approach > > of ignoring all IP options, i.e., zeroing the IPCB. > > > > If and when somebody who uses IP options and actually needs them > > to be parsed by the bridge complains then we can revisit this. > > > > Reported-by: David Newall <davidn@xxxxxxxxxxxxxxx> > > Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> > > Tested-by: Florian Westphal <fw@xxxxxxxxx> Applied, thanks a lot for testing Florian. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
