[pve-devel] [PATCH] support QinQ / vlan stacking
Stefan Priebe - Profihost AG
s.priebe at profihost.ag
Wed Mar 11 09:46:42 CET 2015
Am 11.03.2015 um 09:10 schrieb Dietmar Maurer:
>> Just for the record.
>>
>> Kernel 2.6.32 does not have this problem as it does not forward tagged
>> frames in bridges.
>>
>> With Kernel 3.10 this behaviour changes to people building their
>> security based on the behaviour of 2.6.32. They get unsecure by changing
>> the kernel.
>
> Interesting. Do you know which patch changed that behavior? And is there a way
> to
> switch back to the old behavior?
>
It's the vlan support and vlan filtering series.
For example:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/bridge?id=8580e2117c06ac0c97a561219eaab6dab968ea3f
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/bridge?id=204177f3f30c2dbd2db0aa62b5e9cf9029786450
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/net/bridge?id=0d5501c1c828fb97d02af50aa9d2b1a5498b94e4
and may be others.
The old behaviour can be restored by enabling vlan_filtering on the bridge.
Stefan
More information about the pve-devel
mailing list