[Bug 1744] New: Packet corruption occurs when using the nftables vlan pcp set command
bugzilla-daemon at netfilter.org
Wed Apr 10 05:46:15 CEST 2024
https://bugzilla.netfilter.org/show_bug.cgi?id=1744
Bug ID: 1744
Summary: Packet corruption occurs when using the nftables vlan
pcp set command
Product: nftables
Version: 1.0.x
Hardware: arm
OS: All
Status: NEW
Severity: major
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: yungan.wang at broadcom.com
Created attachment 740
--> https://bugzilla.netfilter.org/attachment.cgi?id=740&action=edit
Packet sent and received
[Software Information]
Linux Version: 5.15
nftables:
https://www.netfilter.org/projects/nftables/files/nftables-1.0.9.tar.xz
libnftnl:
https://www.netfilter.org/projects/libnftnl/files/libnftnl-1.2.6.tar.xz
[Test Procedure & Result]
1. Add nftables table and chain to filter bridge packets:
    nft add table bridge br_filter
    nft 'add chain bridge br_filter Postrouting { type filter hook postrouting priority filter; policy accept; }'
2. Add nftables rule to match VLAN packets with VLAN PCP 2 and change the VLAN PCP to 7:
    nft flush chain bridge br_filter Postrouting
    nft add rule bridge br_filter Postrouting vlan pcp 2 vlan pcp set 7 counter
    nft -a list chain bridge br_filter Postrouting
3. Send a packet with VLAN PCP 2 through the Linux bridge. (See attached file:
2024-04-09 tx packet.pcapng)
4. Upon receiving the packet after nftables changes the VLAN PCP, the IP header
of the packet is corrupted. The VLAN PCP value remains unchanged. (See attached
file: 2024-04-09 rx packet.pcapng)
[Analysis]
When receiving packets from the Linux bridge, the VLAN tag is already untagged
and stored in skb->vlan_tci. However, when using the "vlan pcp set" command,
the incorrect offset is obtained in nft_payload_set_eval(), resulting in packet
corruption. To resolve this issue, "vlan pcp set" should set skb->vlan_tci
instead of modifying skb->data.
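The failure mode described in the analysis, as an added userspace model (not code from the report or from the kernel). The struct and function names are hypothetical, the packet bytes are constructed, and the model assumes the write lands at byte 14, where the TCI would sit if the frame still carried its 802.1Q tag.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN     14  /* dst MAC + src MAC + EtherType */
#define VLAN_TCI_OFF 14  /* TCI position in a frame that still carries its tag */
#define PCP_SHIFT    13
#define PCP_MASK     0xe000u

/* Simplified stand-in for an skb: tag already stripped, TCI kept out of band. */
struct frame {
    uint16_t vlan_tci;   /* models skb->vlan_tci */
    uint8_t  data[34];   /* models skb->data: Ethernet + 20-byte IPv4 header */
};

/* Constructed sample: PCP 2, VLAN ID 100, untagged IPv4 frame (checksum left 0). */
static struct frame sample(void)
{
    struct frame f = { .vlan_tci = (2u << PCP_SHIFT) | 100u };
    static const uint8_t pkt[34] = {
        0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00, /* MACs, EtherType IPv4 */
        0x45,0x00,0x00,0x14, 0,0,0,0, 0x40,0x11,0,0,       /* ver/IHL ... TTL, proto */
        192,0,2,1, 192,0,2,2 };                            /* src, dst address */
    memcpy(f.data, pkt, sizeof(pkt));
    return f;
}

/* Behaviour reported as the bug: PCP written into data[] at the tagged-frame offset. */
static void pcp_set_in_data(struct frame *f, unsigned pcp)
{
    f->data[VLAN_TCI_OFF] = (uint8_t)((f->data[VLAN_TCI_OFF] & 0x1f) | (pcp << 5));
}

/* Behaviour the report proposes: update the out-of-band TCI, leave data[] alone. */
static void pcp_set_in_tci(struct frame *f, unsigned pcp)
{
    f->vlan_tci = (uint16_t)((f->vlan_tci & ~PCP_MASK) | (pcp << PCP_SHIFT));
}

int main(void)
{
    struct frame a = sample(), b = sample();
    pcp_set_in_data(&a, 7);
    pcp_set_in_tci(&b, 7);
    printf("in-data: pcp=%u ip[0]=0x%02x\n", a.vlan_tci >> PCP_SHIFT, a.data[ETH_HLEN]);
    printf("in-tci:  pcp=%u ip[0]=0x%02x\n", b.vlan_tci >> PCP_SHIFT, b.data[ETH_HLEN]);
    return 0;
}
```

In the first case the IPv4 version/IHL byte changes from 0x45 to 0xe5 while the PCP stays 2, which matches both symptoms in the report; in the second the PCP becomes 7 and the payload is untouched.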