bridge : Sanitize skb before it enters the IP stack

Related dicussion here : http://lkml.org/lkml/2010/9/3/16 Introduce a function br_parse_ip_options that will audit the skb and possibly refill IP options before a packet enters the IP stack. If no options are present, the function will zero out the skb cb area so that it is not misinterpreted as options by some unsuspecting IP layer routine. If packet consistency fails, drop it. Signed-off-by: Bandan Das <bandan.das@stratus.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Bandan Das <bandan.das@stratus.com> 2010-09-19 09:34:33 (GMT)
committer: David S. Miller <davem@davemloft.net> 2010-09-19 19:42:34 (GMT)
commit: 462fb2af9788a82a534f8184abfde31574e1cfa0 (patch)
tree: 63a8abf3657bb4ce586fdf14c89e6d81ca280725 /net/ipv4/ip_options.c
parent: aef3ea33e85035f7c827c1db9155f97f4b7ee725 (diff)
download: linux-462fb2af9788a82a534f8184abfde31574e1cfa0.tar.xz
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index ba9836c..1906fa3 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -466,7 +466,7 @@ error:
 	}
 	return -EINVAL;
 }
-
+EXPORT_SYMBOL(ip_options_compile);
 
 /*
  *	Undo all the changes done by ip_options_compile().
@@ -646,3 +646,4 @@ int ip_options_rcv_srr(struct sk_buff *skb)
 	}
 	return 0;
 }
+EXPORT_SYMBOL(ip_options_rcv_srr);
author	Bandan Das <bandan.das@stratus.com>	2010-09-19 09:34:33 (GMT)
committer	David S. Miller <davem@davemloft.net>	2010-09-19 19:42:34 (GMT)
commit	462fb2af9788a82a534f8184abfde31574e1cfa0 (patch)
tree	63a8abf3657bb4ce586fdf14c89e6d81ca280725 /net/ipv4/ip_options.c
parent	aef3ea33e85035f7c827c1db9155f97f4b7ee725 (diff)
download	linux-462fb2af9788a82a534f8184abfde31574e1cfa0.tar.xz