vserver 2.0 rc7

[linux-2.6.git] / net / bridge / br_input.c

diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 943d5dd..8f5f2e7 100644 (file)
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -26,7 +26,7 @@ static int br_pass_frame_up_finish(struct sk_buff *skb)
 #ifdef CONFIG_NETFILTER_DEBUG
        skb->nf_debug = 0;
 #endif
-       netif_rx(skb);
+       netif_receive_skb(skb);
 
        return 0;
 }
@@ -54,6 +54,9 @@ int br_handle_frame_finish(struct sk_buff *skb)
        struct net_bridge_fdb_entry *dst;
        int passedup = 0;
 
+       /* insert into forwarding database after filtering to avoid spoofing */
+       br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
+
        if (br->dev->flags & IFF_PROMISC) {
                struct sk_buff *skb2;
 
@@ -105,12 +108,11 @@ int br_handle_frame(struct net_bridge_port *p, struct sk_buff **pskb)
        if (p->state == BR_STATE_DISABLED)
                goto err;
 
-       if (eth_hdr(skb)->h_source[0] & 1)
+       if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
                goto err;
 
-       if (p->state == BR_STATE_LEARNING ||
-           p->state == BR_STATE_FORWARDING)
-               br_fdb_insert(p->br, p, eth_hdr(skb)->h_source, 0);
+       if (p->state == BR_STATE_LEARNING)
+               br_fdb_update(p->br, p, eth_hdr(skb)->h_source);
 
        if (p->br->stp_enabled &&
            !memcmp(dest, bridge_ula, 5) &&