
D51310.id158487.diff

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1386,6 +1386,29 @@
if (ifs->if_ioctl == NULL) /* must be supported */
ERRMSG(EINVAL, "Interface must support ioctl(2)");
+ /*
+ * If the new interface is a vlan(4), it could be a bridge SVI.
+ * Don't allow such things to be added to bridges.
+ */
+ if (ifs->if_type == IFT_L2VLAN) {
+ struct ifnet *parent;
+ struct epoch_tracker et;
+ bool is_bridge;
+
+ /*
+ * Entering NET_EPOCH with BRIDGE_LOCK held, but this is okay
+ * since we don't sleep here.
+ */
+ NET_EPOCH_ENTER(et);
+ parent = VLAN_TRUNKDEV(ifs);
+ is_bridge = (parent != NULL && parent->if_type == IFT_BRIDGE);
+ NET_EPOCH_EXIT(et);
+
+ if (is_bridge)
+ ERRMSG(EINVAL,
+ "Bridge SVI cannot be added to a bridge");
+ }
+
/* If it's in the span list, it can't be a member. */
CK_LIST_FOREACH(bif, &sc->sc_spanlist, bif_next)
if (ifs == bif->bif_ifp)
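Review bot: The new check looks only at the vlan's immediate trunk device (`parent->if_type == IFT_BRIDGE`), so a stacked vlan whose trunk is itself a vlan on a bridge would presumably pass and still be accepted as a member. If such stacking is possible on a bridge SVI, resolve the chain inside the same epoch section before testing the type, e.g. `while (parent != NULL && parent->if_type == IFT_L2VLAN) parent = VLAN_TRUNKDEV(parent);`. Note also that `is_bridge` is used after `NET_EPOCH_EXIT`, so it is only a snapshot; the comment should say that a later change of the trunk device is expected to be caught by the check in if_vlan.c. The enclosing function starts and ends outside this hunk.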
diff --git a/sys/net/if_vlan.c b/sys/net/if_vlan.c
--- a/sys/net/if_vlan.c
+++ b/sys/net/if_vlan.c
@@ -2336,6 +2336,18 @@
error = ENOENT;
break;
}
+
+ /*
+ * If the ifp is in a bridge, do not allow setting the device
+ * to a bridge; this prevents having a bridge SVI as a bridge
+ * member (which is not permitted).
+ */
+ if (ifp->if_bridge != NULL && p->if_type == IFT_BRIDGE) {
+ if_rele(p);
+ error = EINVAL;
+ break;
+ }
+
if (vlr.vlr_proto == 0)
vlr.vlr_proto = ETHERTYPE_VLAN;
oldmtu = ifp->if_mtu;
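Review bot: `ifp->if_bridge` is read here with no bridge lock visible in the hunk, while the matching test in if_bridge.c runs under BRIDGE_LOCK, so a concurrent `addm` on the bridge and `vlandev` on the vlan could each pass their own check before the other completes and leave an SVI as a bridge member. It is worth confirming which lock serialises the two paths and naming it in the comment above the test; if none does, the check needs to be repeated or made under a lock both sides take. As in the bridge-side hunk, `p->if_type == IFT_BRIDGE` covers only a direct bridge parent, not a vlan stacked on a bridge SVI. The enclosing switch case starts and ends outside this hunk.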
diff --git a/tests/sys/net/if_bridge_test.sh b/tests/sys/net/if_bridge_test.sh
--- a/tests/sys/net/if_bridge_test.sh
+++ b/tests/sys/net/if_bridge_test.sh
@@ -1311,6 +1311,56 @@
vnet_cleanup
}
+# Adding a bridge SVI to a bridge should not be allowed.
+# Variant 1: adding the already-configured SVI.
+atf_test_case "bridgeception_1" "cleanup"
+bridgeception_1_head()
+{
+ atf_set descr 'adding a bridge SVI to a bridge is not allowed (1)'
+ atf_set require.user root
+}
+
+bridgeception_1_body()
+{
+ vnet_init
+ vnet_init_bridge
+
+ bridge=$(vnet_mkbridge)
+ atf_check -s exit:0 ifconfig ${bridge}.1 create
+ atf_check -s exit:1 -e ignore ifconfig ${bridge} addm ${bridge}.1
+}
+
+bridgeception_1_cleanup()
+{
+ vnet_cleanup
+}
+
+# Adding a bridge SVI to a bridge should not be allowed.
+# Variant 2: adding an unconfigured vlan(4), then changing the device
+atf_test_case "bridgeception_2" "cleanup"
+bridgeception_2_head()
+{
+ atf_set descr 'adding a bridge SVI to a bridge is not allowed (2)'
+ atf_set require.user root
+}
+
+bridgeception_2_body()
+{
+ vnet_init
+ vnet_init_bridge
+
+ bridge=$(vnet_mkbridge)
+ vlan=$(vnet_mkvlan)
+
+ atf_check -s exit:0 ifconfig ${bridge} addm ${vlan}
+ atf_check -s exit:1 -e ignore ifconfig ${vlan} vlan 1 vlandev ${bridge}
+}
+
+bridgeception_2_cleanup()
+{
+ vnet_cleanup
+}
+
atf_init_test_cases()
{
atf_add_test_case "bridge_transmit_ipv4_unicast"
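Review bot: Both new bodies assert only `-s exit:1 -e ignore`, so they pass for any ifconfig failure, not specifically for the new rejection. Following the failing command with a state check would pin the behaviour, for instance in bridgeception_1 `atf_check -s exit:0 -o not-match:"member: ${bridge}.1" ifconfig ${bridge}`, and in bridgeception_2 an equivalent check that the vlan still has no parent device. Neither variant covers a vlan stacked on a bridge SVI or an SVI that belongs to a different bridge, which are the cases where the kernel checks are most likely to differ from what the description implies.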
@@ -1338,4 +1388,6 @@
atf_add_test_case "vlan_ifconfig_tagged"
atf_add_test_case "vlan_svi"
atf_add_test_case "vlan_qinq"
+ atf_add_test_case "bridgeception_1"
+ atf_add_test_case "bridgeception_2"
}
