linux/net/bridge
Toshiaki Makita e0d7968ab6 bridge: Prevent insertion of FDB entry with disallowed vlan
br_handle_local_finish() is allowing us to insert an FDB entry with
disallowed vlan. For example, when port 1 and 2 are communicating in
vlan 10, and even if vlan 10 is disallowed on port 3, port 3 can
interfere with their communication by spoofed src mac address with
vlan id 10.

Note: Even if it is judged that a frame should not be learned, it should
not be dropped because it is destined for not forwarding layer but higher
layer. See IEEE 802.1Q-2011 8.13.10.

Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Acked-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-06-02 13:38:23 -07:00
..
netfilter netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
br.c bridge: move br_net_exit() to br.c 2014-01-13 23:42:39 -08:00
br_device.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-03-29 18:48:54 -04:00
br_fdb.c bridge: notify user space after fdb update 2014-06-01 22:14:50 -07:00
br_forward.c bridge: use is_skb_forwardable in forward path 2014-03-31 16:04:04 -04:00
br_if.c netpoll: Remove gfp parameter from __netpoll_setup 2014-03-29 17:58:37 -04:00
br_input.c bridge: Prevent insertion of FDB entry with disallowed vlan 2014-06-02 13:38:23 -07:00
br_ioctl.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_mdb.c Revert "bridge: only expire the mdb entry when query is received" 2013-10-22 14:41:02 -04:00
br_multicast.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-03-14 22:31:55 -04:00
br_netfilter.c bridge: superfluous skb->nfct check in br_nf_dev_queue_xmit 2014-05-05 16:05:43 +02:00
br_netlink.c bridge: Handle IFLA_ADDRESS correctly when creating bridge device 2014-04-27 19:46:17 -04:00
br_notify.c net: convert resend IGMP to notifier event 2013-07-23 16:52:47 -07:00
br_private.h bridge: Prevent insertion of FDB entry with disallowed vlan 2014-06-02 13:38:23 -07:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_stp.c bridge: Clamp forward_delay when enabling STP 2013-09-12 23:32:14 -04:00
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_stp_if.c bridge: Change local fdb entries whenever mac address of bridge device changes 2014-02-10 14:34:33 -08:00
br_stp_timer.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_sysfs_br.c bridge: use DEVICE_ATTR_xx macros 2014-01-06 16:40:46 -05:00
br_sysfs_if.c bridge: change "foo* bar" to "foo *bar" 2013-12-19 19:27:26 -05:00
br_vlan.c bridge: Prevent insertion of FDB entry with disallowed vlan 2014-06-02 13:38:23 -07:00