Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp670521ybg;
        Mon, 1 Jun 2020 11:15:39 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwCHIgU0v6CO+DSpi3P0/aT//b/FaTG5wG8pdksZL05lyP6eEXdpH3cudWyFTOEjVSSXRKN
X-Received: by 2002:a17:906:a48:: with SMTP id x8mr15694623ejf.89.1591035339221;
        Mon, 01 Jun 2020 11:15:39 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1591035339; cv=none;
        d=google.com; s=arc-20160816;
        b=JMvXYx+4DuZR7ArTvTlcG1X5qXUUBeM3Zpr0wE9mkxzyRaPjkMikYOBykdLMS130EH
         QqdOxtcYYTAmri6W0RbvQNLTJ2IDnQPmkI4xELNCiqKSP8Tyn25i0agp3m79SO2wzKB0
         3twLe5Xz+erc45wI+MILWKblWj4qvbllv1otrMINExc3SbAqJIq1TK6sYO7fo63k/SiP
         6t7e/6N2pbs2dCI5fX5XT5Np4lcr2noAnEEXP+LSsh13X3IZqE5YXO4+K2NJ2WML4tc9
         buXiXuDYTq5FbDJy8HsjlkMIdyW2jLRroVo90iZv6+N2aniubYHNGRPJrOey7/deAgbq
         msPg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=Q8JHZvv5/ZgeQL7wfSU9C/4BYpUx652gWHTl9nL/IjA=;
        b=N2LaWQQtV+rDLEyn3oPCAXgJDJHZ97h0TW/k+kEBhkbc3EuTQ4WTp3i+tVEailqIkO
         e2FmavjzjSPBrNkzbRBSfqhOoOdYtibkvYVALjLvsNkzhUgTq6yNW1eCC/ym8QVOozcg
         PgtKZWnfmIy3YphTwp1f0UEARjs2yH3re+arcalEM3dYCyW8oKUM4H5QVMIkUZ7kksq+
         muM/0B6iHZa1iLiJ+wcZKhsckUHFmFApA+hrN02aF6Zalp3lk3IGf/SW7xo3+rEr3L2F
         FMELScUty1bPGhnTJsUJJO3fXFu4YCoxBkoiXIOWEASq+YEztwUvzLAZWNrdbahDbBcy
         mFVA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=bNhPwIan;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id c5si100515edq.283.2020.06.01.11.15.16;
        Mon, 01 Jun 2020 11:15:39 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=bNhPwIan;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731022AbgFASKt (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Mon, 1 Jun 2020 14:10:49 -0400
Received: from mail.kernel.org ([198.145.29.99]:57330 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1730993AbgFASK3 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 1 Jun 2020 14:10:29 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 44D1A207BB;
        Mon,  1 Jun 2020 18:10:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1591035028;
        bh=Syz0oJeLENcBeZiJymoRK63ZsyGJDQbC94aTQ556b6o=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=bNhPwIanmK5N7XWTWTy39Pok9nguvKuVNH+vnrnHhJLsaWX1Y/Y9375KhReOGrKxU
         F8n4rrATQPh9u7n/DevVqOUShOZ1+G/ahuGp19ZCYASmLBoQXxk8BH4ZNpq83JseoP
         SKqDCZZYzVVDU59DtoUkGIMfkK5UJmSxXoO0yqbY=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Michael Braun <michael-dev@fami-braun.de>,
        Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 5.4 121/142] netfilter: nft_reject_bridge: enable reject with bridge vlan
Date:   Mon,  1 Jun 2020 19:54:39 +0200
Message-Id: <20200601174050.333572615@linuxfoundation.org>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20200601174037.904070960@linuxfoundation.org>
References: <20200601174037.904070960@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Michael Braun <michael-dev@fami-braun.de>

commit e9c284ec4b41c827f4369973d2792992849e4fa5 upstream.

Currently, using the bridge reject target with tagged packets
results in untagged packets being sent back.

Fix this by mirroring the vlan id as well.

Fixes: 85f5b3086a04 ("netfilter: bridge: add reject support")
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/bridge/netfilter/nft_reject_bridge.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/net/bridge/netfilter/nft_reject_bridge.c
+++ b/net/bridge/netfilter/nft_reject_bridge.c
@@ -31,6 +31,12 @@ static void nft_reject_br_push_etherhdr(
 	ether_addr_copy(eth->h_dest, eth_hdr(oldskb)->h_source);
 	eth->h_proto = eth_hdr(oldskb)->h_proto;
 	skb_pull(nskb, ETH_HLEN);
+
+	if (skb_vlan_tag_present(oldskb)) {
+		u16 vid = skb_vlan_tag_get(oldskb);
+
+		__vlan_hwaccel_put_tag(nskb, oldskb->vlan_proto, vid);
+	}
 }
 
 static int nft_bridge_iphdr_validate(struct sk_buff *skb)