author | Vlad Yasevich <vyasevic@redhat.com> | 2013-02-13 12:00:10 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-02-13 19:41:46 -0500 |
commit | a37b85c9fbd1dc69fbec3985763f373203eaf9e3 (patch) | |
tree | 3585bf258d87459b48b2d94b66dac9de729ef699 /net/bridge/br_vlan.c | |
parent | 243a2e63f5f47763b802e9dee8dbf1611a1c1322 (diff) |
bridge: Validate that vlan is permitted on ingress
When a frame arrives on a port or is transmitted by the bridge,
if we have VLANs configured, validate that a given VLAN is allowed
to enter the bridge.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_vlan.c')
-rw-r--r-- | net/bridge/br_vlan.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 209464ef5242..8b4bcd8ff46e 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -64,6 +64,31 @@ static void __vlan_flush(struct net_port_vlans *v)
 kfree_rcu(v, rcu);
 }
 
+/* Called under RCU */
+bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
+ struct sk_buff *skb)
+{
+ u16 vid;
+
+ /* If VLAN filtering is disabled on the bridge, all packets are
+ * permitted.
+ */
+ if (!br->vlan_enabled)
+ return true;
+
+ /* If there are no vlan in the permitted list, all packets are
+ * rejected.
+ */
+ if (!v)
+ return false;
+
+ br_vlan_get_tag(skb, &vid);
+ if (test_bit(vid, v->vlan_bitmap))
+ return true;
+
+ return false;
+}
+
 /* Must be protected by RTNL */
 int br_vlan_add(struct net_bridge *br, u16 vid)
 { |
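Review bot: In `br_allowed_ingress()` the result of `br_vlan_get_tag(skb, &vid)` is discarded and `vid` is declared without an initializer, so the filtering decision made by `test_bit(vid, v->vlan_bitmap)` relies on the helper always storing a VID, and one that lies inside the bitmap. The helper is not visible in this hunk, so this cannot be confirmed from here; if it can report a missing tag without writing `*vid`, the lookup would use an indeterminate index. If the helper returns a status, I would make the untagged case explicit, for example `if (br_vlan_get_tag(skb, &vid)) return false;`. If untagged frames are meant to be checked against a default VID, add a comment such as `/* untagged frames are looked up as VID <default>; vid is always < bitmap length */` with the actual value filled in, so the policy for untagged traffic is visible at the check.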