summaryrefslogtreecommitdiffstats
path: root/net/bridge/br_vlan.c
diff options
context:
space:
mode:
authorVlad Yasevich <vyasevic@redhat.com>2013-02-13 13:00:10 +0100
committerDavid S. Miller <davem@davemloft.net>2013-02-14 01:41:46 +0100
commita37b85c9fbd1dc69fbec3985763f373203eaf9e3 (patch)
tree3585bf258d87459b48b2d94b66dac9de729ef699 /net/bridge/br_vlan.c
parentbridge: Add vlan filtering infrastructure (diff)
downloadlinux-a37b85c9fbd1dc69fbec3985763f373203eaf9e3.tar.xz
linux-a37b85c9fbd1dc69fbec3985763f373203eaf9e3.zip
bridge: Validate that vlan is permitted on ingress
When a frame arrives on a port or transmitted by the bridge, if we have VLANs configured, validate that a given VLAN is allowed to enter the bridge. Signed-off-by: Vlad Yasevich <vyasevic@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_vlan.c')
-rw-r--r--net/bridge/br_vlan.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 209464ef5242..8b4bcd8ff46e 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -64,6 +64,31 @@ static void __vlan_flush(struct net_port_vlans *v)
kfree_rcu(v, rcu);
}
+/* Called under RCU */
+bool br_allowed_ingress(struct net_bridge *br, struct net_port_vlans *v,
+ struct sk_buff *skb)
+{
+ u16 vid;
+
+ /* If VLAN filtering is disabled on the bridge, all packets are
+ * permitted.
+ */
+ if (!br->vlan_enabled)
+ return true;
+
+ /* If there are no vlan in the permitted list, all packets are
+ * rejected.
+ */
+ if (!v)
+ return false;
+
+ br_vlan_get_tag(skb, &vid);
+ if (test_bit(vid, v->vlan_bitmap))
+ return true;
+
+ return false;
+}
+
/* Must be protected by RTNL */
int br_vlan_add(struct net_bridge *br, u16 vid)
{