Message-ID: <d8cc158b-8b3b-17eb-91cc-7a46d7fc011e@ziu.info>
Date:   Tue, 6 Sep 2016 23:59:19 +0200
From:   Michal Soltys <soltys@....info>
To:     Linux Netdev List <netdev@...r.kernel.org>
Subject: vlan aware bridge doesn't propagate mac changes to vlans on top of it

Consider the following scenario:

- create vlan aware bridge (say br0)
- setup br0's vlans, e.g.

bridge vlan add dev br0 vid 10 self

This will add necessary fdb entries directing appropriate traffic to the
bridge itself.

- create appropriate vlan interfaces on top of it, for example:

ip li add link br0 name br0.10 type vlan id 10
ip add add 10.0.0.1/8 dev br0.10 ....

This will add vlan devices on top of br0 and *inherit br0's mac address*.

- now after all of the above is done

ip li set eth0 master br0

This will attach interface eth0 to the bridge. With this being the first
interface attached, br0 will take its mac address as its own. Any
further changes to br0's ports may cause the same, with the lowest mac
address of some port becoming br0's mac.

This will update fdb entries as well, but all vlan interfaces on top of
br0 (e.g. br0.10) will be using the old mac address from the time when the
vlan was created.

The side effect of it is that any traffic addressed to such interface
will be flooded to all ports (and br0 itself).

The only workaround I found is to either manually update mac addresses
with 'ip' or recreate vlans (bridge fdb refused to update relevant entries).

But if br0's mac changes due to some port changes - shouldn't it be
somehow propagated automatically to vlans created on top of it?
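An added example, not part of Michal Soltys's post, that detects the condition described above: it turns `ip -o link show` into `<ifname> <parent> <mac>` triples, reports vlan devices stacked on a bridge whose MAC no longer matches the bridge's, and prints the `ip link set ... address` commands for the manual workaround the post mentions. It assumes iproute2's one-line output format and treats every `name@br0` device carrying a `link/ether` address as a stacked vlan; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit vlan devices stacked on a
# vlan-aware bridge and report those whose MAC no longer matches the bridge.

# Turn `ip -o link show` into "<ifname> <parent|-> <mac>" lines.
# Assumes iproute2's one-line format, where a stacked device appears as
# "br0.10@br0:" and the address follows the "link/ether" token.
list_links() {
    ip -o link show | awk '{
        name = $2; sub(/:$/, "", name); parent = "-"
        if (split(name, p, "@") == 2) { name = p[1]; parent = p[2] }
        for (i = 3; i <= NF; i++)
            if ($i == "link/ether") print name, parent, $(i + 1)
    }'
}

# Read the triples on stdin; print "<vlan> <vlan-mac> <bridge-mac>" for every
# device whose parent is the bridge but whose MAC differs from the bridge's.
find_stale_vlans() {
    awk -v br="$1" '
        $1 == br { brmac = $3; next }
        $2 == br { stacked[$1] = $3 }
        END {
            for (d in stacked)
                if (stacked[d] != brmac) print d, stacked[d], brmac
        }'
}

# Emit the iproute2 commands for the manual workaround mentioned in the post:
# re-sync each stale vlan device to the bridge's current MAC.
suggest_fix() {
    find_stale_vlans "$1" | awk '{ print "ip link set dev " $1 " address " $3 }'
}

# Constructed sample (not real captured output): eth0 became the first port, so
# br0 now carries eth0's MAC, while br0.10 still has the MAC it inherited earlier.
SAMPLE_LINKS='eth0 - 52:54:00:aa:bb:01
br0 - 52:54:00:aa:bb:01
br0.10 br0 86:1f:2c:9d:e0:55
br0.20 br0 52:54:00:aa:bb:01'

# Live use: ./audit.sh --live br0 ; without --live it only defines the functions.
if [ "${1-}" = "--live" ]; then
    list_links | find_stale_vlans "${2:-br0}"
fi
```

Run it periodically or from a bridge-port hotplug hook; a non-empty report means traffic for that vlan device is currently being flooded to every port, as the post describes.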
