On Thu, 2013-01-03 at 01:39 +0100, Pablo Neira Ayuso wrote:
> On Sun, Dec 30, 2012 at 02:28:51PM +0800, akong@xxxxxxxxxx wrote:
> > From: Amos Kong <akong@xxxxxxxxxx>
> >
> > 4096 is not a valid vlan id.
> >
> > Signed-off-by: Amos Kong <akong@xxxxxxxxxx>
> > ---
> > net/bridge/netfilter/ebt_vlan.c | 4 ++--
> > 1 file changed, 2 insertions(+), 2 deletions(-)
> >
> > diff --git a/net/bridge/netfilter/ebt_vlan.c b/net/bridge/netfilter/ebt_vlan.c
> > index eae67bf..b279ec0 100644
> > --- a/net/bridge/netfilter/ebt_vlan.c
> > +++ b/net/bridge/netfilter/ebt_vlan.c
> > @@ -121,8 +121,8 @@ static int ebt_vlan_mt_check(const struct xt_mtchk_param *par)
> > * if_vlan.h: VLAN_N_VID 4096. */
> > if (GET_BITMASK(EBT_VLAN_ID)) {
> > if (!!info->id) { /* if id!=0 => check vid range */
> > - if (info->id > VLAN_N_VID) {
> > - pr_debug("id %d is out of range (1-4096)\n",
> > + if (info->id >= VLAN_N_VID) {
> > + pr_debug("id %d is out of range (1-4095)\n",
>
> Someone may forge frames including reserved VLAN ids.
They may find it difficult to fit the value 4096 into a 12-bit field,
though.
Ben.
> People can use ebtables to drop invalid frames, this is a firewalling
> utility after all ;-). I'm not taking these, sorry.
--
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
