| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Apr 2007 01:22:09 +0200
From: Lennert Buytenhek <buytenh@...tstofly.org>
To: Stephen Hemminger <shemminger@...ux-foundation.org>
Cc: netdev@...r.kernel.org
Subject: Re: [RFC] bridge: if no STP then forward all BPDU's
On Tue, Apr 24, 2007 at 04:12:26PM -0700, Stephen Hemminger wrote:
> The bridge code by default captures all spanning tree packets and
> doesn't forward them. I propose that this might not be a good idea.
As far as I remember, the original bridge code did pass through BPDUs
when STP was disabled. I think that that is the only right way to
behave.
> --- bridge-2.6.22.orig/net/bridge/br_input.c
> +++ bridge-2.6.22/net/bridge/br_input.c
> @@ -131,8 +131,16 @@ struct sk_buff *br_handle_frame(struct n
> if (!is_valid_ether_addr(eth_hdr(skb)->h_source))
> goto drop;
>
> - if (unlikely(is_link_local(dest))) {
> - skb->pkt_type = PACKET_HOST;
> + /*
> + * If STP is running, then trap all link-local (802.1x) frames
> + * process through normal receive path.
> + *
> + * For safety, if not running STP then act as a completely transparent
> + * device. This means that if STP is running on another machine, it
> + * can still detect cycles.
> + */
> + if (p->br->stp_enabled != BR_NO_STP && is_link_local(dest)) {
> + /* skb->pkt_type should already be PACKET_MULTICAST */
(Does this check include PAUSE frames? We still don't want to
forward PAUSE frames in any case..)
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists