Re: [PATCH RESEND] netfilter: bridge: unshare bridge info before change it

On Mon, Nov 17, 2014 at 01:48:43PM +0800, Gao feng wrote:
> diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
> index 1a4f32c..b4612b9 100644
> --- a/net/bridge/br_netfilter.c
> +++ b/net/bridge/br_netfilter.c
> @@ -653,7 +643,11 @@ static int br_nf_forward_finish(struct sk_buff *skb)
>  		in = nf_bridge->physindev;
>  		if (nf_bridge->mask & BRNF_PKT_TYPE) {
>  			skb->pkt_type = PACKET_OTHERHOST;
> -			nf_bridge->mask ^= BRNF_PKT_TYPE;
> +
> +			if (!nf_bridge_unset_mask(skb, BRNF_PKT_TYPE)) {
> +				kfree_skb(skb);
> +				return 0;
> +			}

This can now release the packet and, thus, drop it.

However, br_nf_forward_ip() always returns NF_STOLEN.

Could you revisit the error paths and confirm they are correct?

Thanks.

>  		}
>  		nf_bridge_update_protocol(skb);
>  	} else {
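
Review bot: The new failure branch in br_nf_forward_finish() frees the skb and returns 0 without any indication that the packet was dropped, so a failure in nf_bridge_unset_mask() becomes a silent drop at this point. Please confirm that every caller treats the skb as consumed when this path is taken, so there is no use after kfree_skb() and no second free. Also document the helper's return convention, since the `!nf_bridge_unset_mask(skb, BRNF_PKT_TYPE)` test implies that zero means failure. The blank `+` line added before the `if` is unnecessary and can be dropped.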