    vlan: don't deliver frames for unknown vlans to protocols · 48cc32d3
    Florian Zumbiehl authored
    6a32e4f9 made the vlan code skip marking
    vlan-tagged frames for not locally configured vlans as PACKET_OTHERHOST if
    there was an rx_handler, as the rx_handler could cause the frame to be received
    on a different (virtual) vlan-capable interface where that vlan might be
    configured.
    
    As rx_handlers do not necessarily return RX_HANDLER_ANOTHER, this could cause
    frames for unknown vlans to be delivered to the protocol stack as if they had
    been received untagged.
    
    For example, if an ipv6 router advertisement that's tagged for a locally not
    configured vlan is received on an interface with macvlan interfaces attached,
    macvlan's rx_handler returns RX_HANDLER_PASS after delivering the frame to the
    macvlan interfaces, which caused it to be passed to the protocol stack, leading
    to ipv6 addresses for the announced prefix being configured even though those
    are completely unusable on the underlying interface.
    
    The fix moves marking as PACKET_OTHERHOST after the rx_handler so the
    rx_handler, if there is one, sees the frame unchanged, but afterwards,
    before the frame is delivered to the protocol stack, it gets marked whether
    there is an rx_handler or not.
    
    Signed-off-by: Florian Zumbiehl <florz@florz.de>
    Signed-off-by: David S. Miller <davem@davemloft.net>
dev.c 163 KB
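A user-space C model of the ordering the commit message describes, added here as an illustration; it is not the kernel's code or the patch itself. The struct, the function names, and the rule that protocols ignore frames marked PACKET_OTHERHOST are simplifying assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model only: the constants reuse the commit's terms, the rest is hypothetical. */
enum rx_result { RX_HANDLER_PASS, RX_HANDLER_ANOTHER };
enum pkt_type  { PACKET_HOST, PACKET_OTHERHOST };

struct frame {
    bool vlan_tagged;      /* frame carries a vlan tag */
    bool vlan_configured;  /* that vlan is configured locally */
    enum pkt_type type;
};
typedef enum rx_result (*rx_handler_t)(struct frame *);

enum pkt_type handler_saw;  /* packet type the rx_handler observed */

/* Stand-in for a handler that, like macvlan's in the commit text, returns PASS. */
enum rx_result pass_handler(struct frame *f) { handler_saw = f->type; return RX_HANDLER_PASS; }

static bool unknown_vlan(const struct frame *f) { return f->vlan_tagged && !f->vlan_configured; }

/* Old order: marking happens before the handler and is skipped when one exists. */
bool accepted_before_fix(struct frame f, rx_handler_t h)
{
    if (unknown_vlan(&f) && !h)
        f.type = PACKET_OTHERHOST;
    if (h && h(&f) == RX_HANDLER_ANOTHER)
        return false;              /* reprocessed on another device, outside this model */
    return f.type == PACKET_HOST;  /* assumption: protocols drop PACKET_OTHERHOST */
}

/* Fixed order: handler sees the frame unchanged, marking follows unconditionally. */
bool accepted_after_fix(struct frame f, rx_handler_t h)
{
    if (h && h(&f) == RX_HANDLER_ANOTHER)
        return false;
    if (unknown_vlan(&f))
        f.type = PACKET_OTHERHOST;
    return f.type == PACKET_HOST;
}

int main(void)
{
    struct frame ra = { true, false, PACKET_HOST };  /* constructed: RA tagged for an unknown vlan */
    printf("before fix, with handler: accepted=%d\n", accepted_before_fix(ra, pass_handler));
    printf("after fix,  with handler: accepted=%d\n", accepted_after_fix(ra, pass_handler));
    return 0;
}
```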