summaryrefslogtreecommitdiffstats
path: root/net/bridge/br_input.c
diff options
context:
space:
mode:
authorVlad Yasevich <vyasevic@redhat.com>2013-02-13 13:00:14 +0100
committerDavid S. Miller <davem@davemloft.net>2013-02-14 01:42:15 +0100
commit7885198861fc9a3dfdc6bb90dc0ba12689d6cd57 (patch)
treea75ed0f9b3fe72be08dcb13216c87f4f8e37bb75 /net/bridge/br_input.c
parentbridge: Dump vlan information from a bridge port (diff)
downloadlinux-7885198861fc9a3dfdc6bb90dc0ba12689d6cd57.tar.xz
linux-7885198861fc9a3dfdc6bb90dc0ba12689d6cd57.zip
bridge: Implement vlan ingress/egress policy with PVID.
At ingress, any untagged traffic is assigned to the PVID. Any tagged traffic is filtered according to membership bitmap. At egress, if the vlan matches the PVID, the frame is sent untagged. Otherwise the frame is sent tagged. Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_input.c')
-rw-r--r--net/bridge/br_input.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 787d7dad6b7e..a63f227ad963 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -45,6 +45,10 @@ static int br_pass_frame_up(struct sk_buff *skb)
return NET_RX_DROP;
}
+ skb = br_handle_vlan(br, br_get_vlan_info(br), skb);
+ if (!skb)
+ return NET_RX_DROP;
+
indev = skb->dev;
skb->dev = brdev;
@@ -61,11 +65,12 @@ int br_handle_frame_finish(struct sk_buff *skb)
struct net_bridge_fdb_entry *dst;
struct net_bridge_mdb_entry *mdst;
struct sk_buff *skb2;
+ u16 vid = 0;
if (!p || p->state == BR_STATE_DISABLED)
goto drop;
- if (!br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb))
+ if (!br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb, &vid))
goto drop;
/* insert into forwarding database after filtering to avoid spoofing */