bridge: vlan: enforce no pvid flag in vlan ranges
Currently it's possible for someone to send a vlan range to the kernel with the pvid flag set which will result in the pvid bouncing from a vlan to vlan and isn't correct, it also introduces problems for hardware where it doesn't make sense having more than 1 pvid. iproute2 already enforces this, so let's enforce it on kernel-side as well. Reported-by: Elad Raz <eladr@mellanox.com> Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Acked-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
cbb41b91e6
commit
6623c60dc2
|
@ -524,6 +524,9 @@ static int br_afspec(struct net_bridge *br,
|
||||||
if (vinfo_start)
|
if (vinfo_start)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
vinfo_start = vinfo;
|
vinfo_start = vinfo;
|
||||||
|
/* don't allow range of pvids */
|
||||||
|
if (vinfo_start->flags & BRIDGE_VLAN_INFO_PVID)
|
||||||
|
return -EINVAL;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue