linux/net/bridge
Toshiaki Makita 317d1e9c6a bridge: Prevent insertion of FDB entry with disallowed vlan
[ Upstream commit e0d7968ab6 ]

br_handle_local_finish() is allowing us to insert an FDB entry with a
disallowed vlan. For example, when port 1 and 2 are communicating in
vlan 10, and even if vlan 10 is disallowed on port 3, port 3 can
interfere with their communication by a spoofed src mac address with
vlan id 10.

Note: Even if it is judged that a frame should not be learned, it should
not be dropped because it is destined not for the forwarding layer but for
a higher layer. See IEEE 802.1Q-2011 8.13.10.

Signed-off-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
Acked-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2014-06-26 15:15:39 -04:00
netfilter netfilter: Can't fail and free after table replacement 2014-05-31 13:20:28 -07:00
Kconfig
Makefile
br.c bridge: move br_net_exit() to br.c 2014-01-13 23:42:39 -08:00
br_device.c bridge: Fix inability to retrieve vlan tags when tx offload is disabled 2014-03-28 16:33:09 -04:00
br_fdb.c bridge: Prevent possible race condition in br_fdb_change_mac_address 2014-02-10 14:34:34 -08:00
br_forward.c bridge: remove unnecessary parentheses 2013-12-19 19:27:26 -05:00
br_if.c bridge: Change local fdb entries whenever mac address of bridge device changes 2014-02-10 14:34:33 -08:00
br_input.c bridge: Prevent insertion of FDB entry with disallowed vlan 2014-06-26 15:15:39 -04:00
br_ioctl.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_mdb.c
br_multicast.c bridge: multicast: enable snooping on general queries only 2014-03-11 23:22:10 -04:00
br_netfilter.c bridge: change "foo* bar" to "foo *bar" 2013-12-19 19:27:26 -05:00
br_netlink.c bridge: Handle IFLA_ADDRESS correctly when creating bridge device 2014-05-31 13:20:35 -07:00
br_notify.c
br_private.h bridge: Prevent insertion of FDB entry with disallowed vlan 2014-06-26 15:15:39 -04:00
br_private_stp.h
br_stp.c
br_stp_bpdu.c br: fix use of ->rx_handler_data in code executed on non-rx_handler path 2013-12-06 15:41:40 -05:00
br_stp_if.c bridge: Change local fdb entries whenever mac address of bridge device changes 2014-02-10 14:34:33 -08:00
br_stp_timer.c bridge: add space before '(/{', after ',', etc. 2013-12-19 19:27:26 -05:00
br_sysfs_br.c bridge: use DEVICE_ATTR_xx macros 2014-01-06 16:40:46 -05:00
br_sysfs_if.c bridge: change "foo* bar" to "foo *bar" 2013-12-19 19:27:26 -05:00
br_vlan.c bridge: Prevent insertion of FDB entry with disallowed vlan 2014-06-26 15:15:39 -04:00