[VLAN]: Allow VLAN interface on top of bridge interface

When a VLAN interface is created on top of a bridge interface and
netfilter is enabled to see the bridged packets, the packets can be
corrupted when passing through the netfilter code. This is caused by the
VLAN driver not setting the 'protocol' and 'nh' members of the sk_buff
structure. In general, this is no problem as the VLAN interface is mostly
connected to a physical ethernet interface which does not use the
'protocol' and 'nh' members. For a bridge interface, however, these
members do matter.

Signed-off-by: Jerome Borsboom <j.borsboom@erasmusmc.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 2fc8fe2..b6e0eea 100644 (file)
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -380,6 +380,9 @@ int vlan_dev_hard_header(struct sk_buff *skb, struct net_device *dev,
                } else {
                        vhdr->h_vlan_encapsulated_proto = htons(len);
                }
+
+               skb->protocol = htons(ETH_P_8021Q);
+               skb->nh.raw = skb->data;
        }
 
        /* Before delegating work to the lower layer, enter our MAC-address */