Re: [PATCH net-next V4 04/13] bridge: Verify that a vlan is allowed to egress on give port
From: Shmulik Ladkani <hidden>
Date: 2012-12-20 14:29:05
Hi Vlad,
On Wed, 19 Dec 2012 12:48:15 -0500 Vlad Yasevich [off-list ref] wrote:
/* Don't forward packets to originating port or forwarding diasabled */
static inline int should_deliver(const struct net_bridge_port *p,
const struct sk_buff *skb)
{
return (((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
+ br_allowed_egress(p, skb) &&
p->state == BR_STATE_FORWARDING);
}
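Review bot: the comment above should_deliver() still names only the originating-port and forwarding-disabled cases, while the return expression now also rejects the frame when br_allowed_egress(p, skb) fails. Extend the comment to mention the VLAN egress check (and fix the "diasabled" typo while touching it). Consider also testing p->state == BR_STATE_FORWARDING before calling br_allowed_egress(), so that the plain state comparison short-circuits first for ports that are not forwarding.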
This should also be incorporated into 'br_pass_frame_up' somehow.
Egress permission when leaving the bridge towards IP stack ("egress"
on the "bridge master port" from bridging point-of-view) should be
validated according to master port's membership.
Regards,
Shmulik