Since commit 751de2012eaf ("netfilter: br_netfilter: skip conntrack input hook
for promisc packets")
a second argument (promisc) has been added to br_pass_frame_up which
represents whether the interface is in promiscuous mode. However,
internally - in one remaining case - br_pass_frame_up checks the device
flags derived from skb instead of the argument being passed in.
This one-line changes addresses this inconsistency.
Signed-off-by: Amedeo Baragiola <ingame...@gmail.com>
---
net/bridge/br_input.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index ceaa5a89b947..156c18f42fa3 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -50,8 +50,7 @@ static int br_pass_frame_up(struct sk_buff *skb, bool promisc)
* packet is allowed except in promisc mode when someone
* may be running packet capture.
*/
- if (!(brdev->flags & IFF_PROMISC) &&
- !br_allowed_egress(vg, skb)) {
+ if (!promisc && !br_allowed_egress(vg, skb)) {
kfree_skb(skb);
return NET_RX_DROP;
}
--
2.46.2
