Patch "net: bridge: when suppression is enabled exclude RARP packets" has been added to the 5.12-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 14 May 2021 22:14:32 -0400

This is a note to let you know that I've just added the patch titled

    net: bridge: when suppression is enabled exclude RARP packets

to the 5.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-bridge-when-suppression-is-enabled-exclude-rarp-.patch
and it can be found in the queue-5.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 155ef1194f97e35175eba512515cae76252fa6a8
Author: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
Date:   Mon Mar 22 17:45:27 2021 +0200

    net: bridge: when suppression is enabled exclude RARP packets
    
    [ Upstream commit 0353b4a96b7a9f60fe20d1b3ebd4931a4085f91c ]
    
    Recently we had an interop issue where RARP packets got suppressed with
    bridge neigh suppression enabled, but the check in the code was meant to
    suppress GARP. Exclude RARP packets from it which would allow some VMWare
    setups to work, to quote the report:
    "Those RARP packets usually get generated by vMware to notify physical
    switches when vMotion occurs. vMware may use random sip/tip or just use
    sip=tip=0. So the RARP packet sometimes get properly flooded by the vtep
    and other times get dropped by the logic"
    
    Reported-by: Amer Abdalamer <amer@xxxxxxxxxx>
    Signed-off-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/bridge/br_arp_nd_proxy.c b/net/bridge/br_arp_nd_proxy.c
index dfec65eca8a6..3db1def4437b 100644
--- a/net/bridge/br_arp_nd_proxy.c
+++ b/net/bridge/br_arp_nd_proxy.c
@@ -160,7 +160,9 @@ void br_do_proxy_suppress_arp(struct sk_buff *skb, struct net_bridge *br,
 	if (br_opt_get(br, BROPT_NEIGH_SUPPRESS_ENABLED)) {
 		if (p && (p->flags & BR_NEIGH_SUPPRESS))
 			return;
-		if (ipv4_is_zeronet(sip) || sip == tip) {
+		if (parp->ar_op != htons(ARPOP_RREQUEST) &&
+		    parp->ar_op != htons(ARPOP_RREPLY) &&
+		    (ipv4_is_zeronet(sip) || sip == tip)) {
 			/* prevent flooding to neigh suppress ports */
 			BR_INPUT_SKB_CB(skb)->proxyarp_replied = 1;
 			return;






