diff options
author | Vlad Yasevich <vyasevic@redhat.com> | 2013-02-13 07:00:14 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-02-13 19:42:15 -0500 |
commit | 7885198861fc9a3dfdc6bb90dc0ba12689d6cd57 (patch) | |
tree | a75ed0f9b3fe72be08dcb13216c87f4f8e37bb75 /net/bridge/br_input.c | |
parent | 6cbdceeb1cb12c7d620161925a8c3e81daadb2e4 (diff) |
bridge: Implement vlan ingress/egress policy with PVID.
At ingress, any untagged traffic is assigned to the PVID.
Any tagged traffic is filtered according to membership bitmap.
At egress, if the vlan matches the PVID, the frame is sent
untagged. Otherwise the frame is sent tagged.
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge/br_input.c')
-rw-r--r-- | net/bridge/br_input.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index 787d7dad6b7e..a63f227ad963 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c | |||
@@ -45,6 +45,10 @@ static int br_pass_frame_up(struct sk_buff *skb) | |||
45 | return NET_RX_DROP; | 45 | return NET_RX_DROP; |
46 | } | 46 | } |
47 | 47 | ||
48 | skb = br_handle_vlan(br, br_get_vlan_info(br), skb); | ||
49 | if (!skb) | ||
50 | return NET_RX_DROP; | ||
51 | |||
48 | indev = skb->dev; | 52 | indev = skb->dev; |
49 | skb->dev = brdev; | 53 | skb->dev = brdev; |
50 | 54 | ||
@@ -61,11 +65,12 @@ int br_handle_frame_finish(struct sk_buff *skb) | |||
61 | struct net_bridge_fdb_entry *dst; | 65 | struct net_bridge_fdb_entry *dst; |
62 | struct net_bridge_mdb_entry *mdst; | 66 | struct net_bridge_mdb_entry *mdst; |
63 | struct sk_buff *skb2; | 67 | struct sk_buff *skb2; |
68 | u16 vid = 0; | ||
64 | 69 | ||
65 | if (!p || p->state == BR_STATE_DISABLED) | 70 | if (!p || p->state == BR_STATE_DISABLED) |
66 | goto drop; | 71 | goto drop; |
67 | 72 | ||
68 | if (!br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb)) | 73 | if (!br_allowed_ingress(p->br, nbp_get_vlan_info(p), skb, &vid)) |
69 | goto drop; | 74 | goto drop; |
70 | 75 | ||
71 | /* insert into forwarding database after filtering to avoid spoofing */ | 76 | /* insert into forwarding database after filtering to avoid spoofing */ |