summaryrefslogtreecommitdiff
path: root/net/bridge/br_device.c
diff options
context:
space:
mode:
authorVlad Yasevich <vyasevic@redhat.com>2013-02-13 16:00:10 +0400
committerDavid S. Miller <davem@davemloft.net>2013-02-14 04:41:46 +0400
commita37b85c9fbd1dc69fbec3985763f373203eaf9e3 (patch)
tree3585bf258d87459b48b2d94b66dac9de729ef699 /net/bridge/br_device.c
parent243a2e63f5f47763b802e9dee8dbf1611a1c1322 (diff)
downloadlinux-a37b85c9fbd1dc69fbec3985763f373203eaf9e3.tar.xz
bridge: Validate that vlan is permitted on ingress
When a frame arrives on a port or transmitted by the bridge, if we have VLANs configured, validate that a given VLAN is allowed to enter the bridge. Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_device.c')
-rw-r--r--net/bridge/br_device.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index ca98fa5b2c78..35a2c2c84f33 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -45,6 +45,9 @@ netdev_tx_t br_dev_xmit(struct sk_buff *skb, struct net_device *dev)
brstats->tx_bytes += skb->len;
u64_stats_update_end(&brstats->syncp);
+ if (!br_allowed_ingress(br, br_get_vlan_info(br), skb))
+ goto out;
+
BR_INPUT_SKB_CB(skb)->brdev = dev;
skb_reset_mac_header(skb);